Skill v1.0.1

ClawScan security

Polymarket Trader 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 26, 2026, 7:20 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's files, instructions, and external accesses are coherent with its stated purpose (building/tuning a Polymarket BTC 1h Up/Down strategy using Binance data) and it does not request unrelated credentials or privileged persistence.
Guidance
This skill appears coherent and limited to local analysis using Binance public REST endpoints. Before installing or running it: (1) review and ensure events.jsonl (or any input file) does not contain sensitive secrets you don't want processed or logged, (2) run scripts in a sandbox or test workspace to confirm dependencies (e.g., python-dateutil) and behavior, (3) be aware the scripts perform network calls to api.binance.com (public data only), and (4) note one script (explain_fills.py) prints a placeholder "..." where detailed per-fill calculations are omitted — that looks like an incomplete output/implementation rather than malicious behavior. If you require offline-only analysis, disconnect network access before running.

Review Dimensions

Purpose & Capability
ok · Name/description match the included scripts and docs. All three Python scripts implement Binance public-API reads and local analysis/explanation of fills; the references/strategy.md describes the expected math. There are no unexpected capabilities (no cloud provider credentials, no unrelated system access).
Instruction Scope
ok · SKILL.md instructs the agent to fetch Binance klines, compute regime metrics, and read a local events.jsonl to explain fills, which matches the bundled scripts. The runtime instructions do not ask the agent to read unrelated system files, exfiltrate data, or post to third-party endpoints beyond Binance public APIs.
Install Mechanism
ok · No install spec (instruction-only), and the code consists of small, local Python scripts. No downloads from untrusted URLs or archive extraction are present in the package metadata. package-lock.json is effectively empty, so there is no hidden dependency install step declared in the skill metadata.
Credentials
ok · The skill declares no required environment variables or credentials. The scripts call only Binance public endpoints and read a local events.jsonl; they do not attempt to access secrets or environment variables. (Operational note: the scripts import dateutil, which may be a missing runtime dependency, but that is an availability concern, not a security one.)
Persistence & Privilege
ok · The always field is false, and the skill does not modify other skills or system-wide settings. It does not request persistent agent privileges or attempt to write configuration outside its baseDir.