Polymarket Bots by
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill clearly describes a Dawn trading-bot workflow, but it can authenticate, fund accounts, approve rules, and launch live prediction-market strategies without explicit approval and safety limits.
Install only if you intentionally want an agent to operate Dawn trading strategies. Keep it in paper mode until reviewed, explicitly approve any funding or live launch, set small budgets and durations, and verify all strategy rules before using approve-all.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could unintentionally authorize live market activity or broad rule approval, risking financial loss or unwanted account changes.
These commands can fund an account, approve all strategy rules, and launch a live strategy with real money, but the instructions do not require explicit user approval or safety limits before those actions.
`dawn account fund`; `dawn strategy rules <conversationId> approve-all`; `dawn strategy launch <conversationId> --budget <usd> [--live] [--hours N]`
Require explicit confirmation before funding, approving rules, uploading code, or launching live runs; default to paper mode; set budget and duration caps.
A mistaken or risky live strategy could continue operating and affect funds until the user notices and stops it.
The skill can start an active trading strategy and only describes stopping it when requested; the duration limit is optional and there are no mandatory containment checks.
Launch and operations: `dawn strategy launch <conversationId> --budget <usd> [--live] [--hours N]` ... `dawn run stop <conversationId>`
Use paper mode first, require a fixed duration for every run, define stop conditions, and verify status after launch and stop.
The agent may operate using the user's Dawn account privileges.
The skill requires Dawn account authentication and can view or act on account and wallet information. This is expected for the stated purpose, but it is sensitive account authority.
Auth: `dawn auth login`; Account: `dawn account overview`; `dawn account fund`; `dawn account wallet`
Use the intended Dawn account only, review account/funding prompts carefully, and log out when finished if the environment is shared.
Installing or updating the CLI changes the code that will handle authentication and trading commands.
The skill depends on installing a global npm CLI package. This is purpose-aligned, but the package is not pinned in the instructions and the CLI is the component that performs sensitive operations.
`npm install -g @dawnai/cli`
Verify the package source, use a trusted version, and install it in an environment appropriate for financial operations.