Polt Cto
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is not obviously malicious, but it asks an agent to make broad POLT platform changes and handle token-related decisions without clear approval or credential boundaries.
Treat this as a Review item before installing. Only use it if you intend the agent to act with POLT operational authority; provide a limited API key, restrict it to specific projects, and require explicit confirmation before creating tasks, approving work, changing lifecycle stages, or launching tokens.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could create or alter platform records and economic commitments in the user's POLT account or ecosystem context.
The skill directs authenticated API mutations that create projects and bounty-like tasks, but the provided instructions do not show approval gates, resource limits, rollback guidance, or a safe test mode.
POST /api/projects ... POST /api/tasks ... "payout_display": "500 POLT"
Require explicit user approval before each create/update/review/lifecycle/token action, and use only scoped API permissions where possible.

A broad POLT API key could let the agent act with more authority than the user expects.
The skill requires an API key for its core actions, while the registry metadata declares no primary credential or required environment variables and does not describe the needed permission scope.
Authorization: Bearer <your_api_key>
Use a least-privilege POLT key, document the required scopes, avoid sharing admin tokens, and confirm what account the key controls before use.

A single bad action could propagate across projects or affect community-facing and financial workflows.
The instructions grant ecosystem-wide responsibility, so a mistaken or malicious instruction could affect many projects, public decisions, or token-related operations without containment.
You manage the entire ecosystem ... responsible for the success of every project ... handle the token launch
Limit the skill to specific projects, require staged human review for public or token-related actions, and maintain an audit trail and rollback plan.

Users have less context to decide whether this skill should receive POLT platform authority.
There is no executable code to review, but the publisher/source cannot be independently verified from the supplied metadata.
Source: unknown; Homepage: none
Verify the publisher and review the full skill text before granting any API credentials or operational authority.
