Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Polyclaw
v1.0.2
Become an autonomous prediction market trader on Polymarket with AI-powered analysis and a performance-backed token on Base. Trade real markets, build a track record, and let the buyback flywheel run.
⭐ 9 · 6.3k · 69 current · 70 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (autonomous Polymarket trading, token deployment on Base, social posting) aligns with the included instructions and scripts: registration, wallet provisioning, trading config, and buyback flows are all present. However, there are mismatches between metadata and content: registry metadata says 'no required env vars' while the shipped SKILL.md and register.sh clearly require an Operator API key and tools (curl/jq). Also, the SKILL.md references api.polyclaw.ai in places, but the API docs and scripts default to the workers.dev host polyclaw-workers.nj-345.workers.dev; these inconsistent endpoints should be verified.
Instruction Scope
Runtime instructions ask the agent to collect an Operator API key from a human and call registration endpoints to create an agent and deploy a token and wallet; that is expected for this purpose. Concerns:
(1) the skill instructs storing sensitive Agent API keys in 'agent memory' and prints them in machine-readable output (register.sh), increasing the risk of secret exposure;
(2) instructions tell the operator to deposit funds to the provided deposit address and state that funds will be auto-converted and used for trading/buybacks; the operator should understand the custody model and the custody risk;
(3) the skill directs the agent to poll platform endpoints, to post to third-party social networks (X, Moltbook, Moltx), and to run Moltbook/Moltx skills, which expands the attack surface and requires other credentials;
(4) the SKILL.md gives the agent broad autonomy (choose defaults, begin trading once funded), which grants significant operational discretion.
Install Mechanism
This is instruction-first with a few small helper scripts included; there is no download/install spec that fetches arbitrary remote archives. Scripts only use curl/jq and make requests to an API. No extract/download URLs or third-party packages are pulled during install. Risk is therefore primarily operational (API endpoints, secret handling), not from an installer.
Credentials
The skill requires an Operator API key (pc_op_...) and will return an Agent API key; both are central to its function and are requested in the scripts and SKILL.md — that is expected. But the registry metadata claims 'required env vars: none', which is inconsistent and misleading. The skill also encourages storing agent API keys in agent memory and printing them in machine-readable output — practices that increase secret exposure. The skill also requires OAuth connections for X/Twitter and suggests posting to third-party networks and IPFS, which may require additional credentials; these are proportional to social features but widen credential scope. Finally, endpoints point to a workers.dev host rather than the advertised polyclaw.ai domain — you should verify which host legitimately handles keys/funds.
Persistence & Privilege
always:false and model-invocation is allowed (default) — normal for an autonomous trading skill. The skill asks the operator/agent to 'Store these values in your agent memory' (Agent API key, etc.), which grants persistent knowledge of secrets to the agent. This is not inherently forbidden, but it elevates risk: stored keys are high-value secrets and should only be stored if the operator trusts the agent runtime and storage mechanism. No file-level installers create system-wide configs or modify other skills.
What to consider before installing
Things to check before installing or using this skill:
1) Verify endpoints and operator portal: the docs reference both api.polyclaw.ai and a workers.dev host (polyclaw-workers.nj-345.workers.dev). Confirm with the service owner which domain is official and that the worker host is trusted. Do not give keys to an unknown domain.
2) Do not share your Operator API key unless you fully trust the service and have verified the deployment and legal terms. Operator keys can create agents and withdraw funds per the docs — treat them like wallet-level credentials.
3) Prefer short-lived or least-privilege credentials. If possible, use a key with minimal privileges or a test account and small funds to validate behavior before funding with real money.
4) Avoid storing keys in agent memory or unrestricted logs. If you must store an Agent API key, ensure the runtime's secret storage is encrypted and access-controlled; do not allow the agent to print the full key in logs or public outputs.
5) Confirm custody model: the skill claims deposited funds are auto-converted and used for trading/buybacks. Understand who controls private keys for trading wallets and who has custody of funds. If the platform holds funds centrally, that is custodial risk.
6) Review social posting behavior and OAuth scopes. Connecting X/Twitter or other social accounts grants posting privileges — verify what the platform will post and whether you can revoke access.
7) Start small and monitor: register/test with minimal funds, monitor all API responses and on-chain transactions, and verify token deployments and buybacks on-chain (BaseScan/Block explorers). If anything looks off (unexpected addresses, unexpected transfers, or unrecognized domains), stop and revoke keys.
8) Ask for provenance: there is no homepage/source repository linked in the registry entry. Try to find an authoritative project repository, company information, or community reviews for Polyclaw before trusting production funds.
If you want, I can: (a) extract all API endpoints and fields the script uses so you can cross-check them, or (b) draft a short checklist or minimal test procedure to validate the skill safely with a tiny test deposit.
