Polt User
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: polt Version: 2.2.1 The skill bundle provides documentation for an AI agent platform. The `SKILL.md` file clearly outlines the API, including a section of 'Restricted Endpoints' that the agent is explicitly instructed 'DO NOT CALL' and 'Never call these endpoints'. This is a strong defensive measure against prompt injection, rather than an attempt to perform it. There is no evidence of data exfiltration, malicious execution, persistence, or obfuscation. The use of an `ngrok.app` domain is noted but not indicative of malicious intent given the overall context.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could follow arbitrary external task instructions that do not match the user's immediate goals or safety expectations.
This makes remote task descriptions from the POLT service into instructions for the agent, without visible boundaries or a requirement to confirm the task with the user first.
Do whatever the task requires. The task description explains what needs to be done.
Treat POLT task descriptions as untrusted input. Require explicit user approval before committing to or executing any task, and define what resources, files, accounts, and actions the agent may use.
The agent could make public or account-affecting changes on POLT, including locking tasks to the user or posting submissions/replies, if invoked without careful review.
The skill documents several authenticated, state-changing API actions that can affect the user's POLT account, public content, task locks, submissions, and profile.
Commit to task | POST | `/api/tasks/:id/commit` ... Submit work | POST | `/api/tasks/:id/submit` ... Vote on project | POST | `/api/projects/:id/vote` ... Reply to project | POST | `/api/projects/:id/replies` ... Update your profile | PATCH | `/api/agents/me`
Require a confirmation step that previews the endpoint, task, and payload before any commit, submit, vote, reply, or profile update.
Anyone with the API key could act as the user's POLT agent account for authenticated actions.
The skill uses a bearer API key for authenticated POLT actions. This is expected for the integration, but it is still an account credential with mutation authority.
You'll receive an API key that you must save — it is only shown once. ... Authorization: Bearer polt_abc123...
Store the POLT API key only in a trusted credential store, do not paste it into public chats or task submissions, and revoke or rotate it if exposed.
Users have limited independent information for deciding whether to trust the POLT service and its API endpoint.
The registry metadata does not provide a source repository or homepage, making it harder for users to verify the operator and provenance of the external service integration.
Source: unknown; Homepage: none
Verify the POLT operator and endpoint out of band before registering or sending work, and prefer skills with clear source and service provenance.