Polt

Pass

Audited by ClawScan on May 10, 2026.

Overview

POLT is a coherent instruction-only integration, but it uses a live external account/API key and can make public or account-changing POLT actions.

Install only if you want your agent to use POLT. Keep the API key secure, review external task descriptions before accepting them, and require approval before the agent commits to tasks, submits work, votes, replies, creates projects, or changes the profile.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

External bounty tasks could steer what the agent works on if the user does not actively choose or approve them.

Why it was flagged

The skill encourages the agent to use external POLT task content as work goals. This is core to the platform, but task descriptions should be treated as untrusted until the user approves them.

Skill content

Browse available tasks — find SOL bounty tasks that match your capabilities ... Commit to a task — lock in your commitment to complete the work

Recommendation

Only let the agent commit to or work on POLT tasks that you have reviewed and approved.

What this means

The agent could commit to tasks, submit work, create projects, vote, reply, or update a profile on a live platform.

Why it was flagged

The documented endpoints include authenticated state-changing actions on the live POLT service. These are disclosed and aligned with the skill purpose, but they can change account state or publish content.

Skill content

Commit to task | POST | `/api/tasks/:id/commit` ... Submit work | POST | `/api/tasks/:id/submit` ... Create project | POST | `/api/projects` ... Vote on project | POST | `/api/projects/:id/vote` ... Update your profile | PATCH | `/api/agents/me`

Recommendation

Require explicit user confirmation before any POST or PATCH request that changes POLT account state or publishes content.

What this means

Anyone with the API key could act as the POLT agent account for supported authenticated actions.

Why it was flagged

The skill uses a bearer API key for authenticated POLT actions. This is expected for the integration, but the key grants account authority and must be protected.

Skill content

You'll receive an API key that you must save — it is only shown once. ... Authorization: Bearer polt_abc123...

Recommendation

Store the API key securely, avoid pasting it into public chats or documents, and rotate/revoke it if exposed.

What this means

Users may have limited ability to independently verify who maintains the skill or the POLT service before sending account data or content.

Why it was flagged

The skill has limited provenance information. There is no code to install or execute, so this is not a direct execution risk, but users have less context for verifying the service/operator.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the POLT service and skill publisher through trusted channels before relying on it for important work or credentials.