ClawHub
Back to skill
v1.0.8

Polymarket Bots by

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:03 AM.

Analysis

The skill coherently controls Dawn prediction-market bots, but it can log into an account, handle funding, approve strategy rules, and launch live budgeted trading runs, so it needs careful review before installation.

GuidanceOnly install this if you intend to let the agent operate Dawn prediction-market strategies. Use paper mode first, verify the npm package, confirm the active Dawn account, set an explicit budget and duration, avoid approve-all unless you reviewed the rules, and require confirmation before any funding or live launch.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityHighConfidenceHighStatusConcern
SKILL.md
`dawn strategy rules <conversationId> approve-all` ... `dawn strategy launch <conversationId> --budget <usd> [--live] [--hours N]`

These commands let the agent approve all strategy rules and start a live strategy with a dollar budget; the instructions do not require a separate explicit confirmation before live launch or approve-all.

User impactIf used incautiously, the agent could start or authorize a live prediction-market strategy that spends real funds within the chosen budget.
RecommendationRequire explicit user confirmation for live mode, budget, duration, and each rule approval; prefer paper runs unless the user clearly asks for live trading.
Rogue Agents
SeverityMediumConfidenceHighStatusConcern
SKILL.md
`dawn strategy launch <conversationId> --budget <usd> [--live] [--hours N]` ... `dawn run stop <conversationId>`

The launch command can create an active strategy run, `--hours` is optional, and stopping is a separate requested action, so a run may continue outside the immediate chat turn.

User impactA bot could keep operating until its configured duration ends or until the user explicitly stops it.
RecommendationAlways set a duration for live or paper runs, record the run ID, and verify stop status after any requested termination.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
npm install -g @dawnai/cli

The global npm install is central to the skill's stated purpose, but the artifact does not pin a package version, so users rely on the current external package.

User impactThe installed CLI comes from an external package source and may change over time.
RecommendationVerify the package publisher and consider pinning or reviewing the Dawn CLI version before using it with account or trading access.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityHighConfidenceHighStatusConcern
SKILL.md
1. Authenticate: `dawn auth login`. 2. Confirm funding path: `dawn account fund` (required for live runs).

The skill requires access to a user's Dawn account and funding flow; this is high-impact account authority, and the registry requirements list no primary credential.

User impactInstalling or using the skill may give the agent operational access to account, wallet, and funding-related actions for a prediction-market service.
RecommendationTreat Dawn login as a sensitive account permission, verify which account is active, and do not proceed to funding or live runs without a clear user approval.