Back to skill
Skillv0.1.0
VirusTotal security
Polymarket Fast Loop · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:33 AM
- Hash
- 96e8a4b1b399fd25621ce9161a0d2d009b2531d95e037ce2bfe48098a3f04182
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: polymarketbot Version: 0.1.0 The skill is designed for automated crypto trading on Polymarket, which inherently involves high financial risk and the handling of sensitive credentials. The `SKILL.md` and `fastloop_trader.py` explicitly instruct the user and agent to store the `WALLET_PRIVATE_KEY` (for the Polymarket wallet holding USDC) as an environment variable. While this is necessary for the skill's stated purpose of client-side order signing, storing a private key in an environment variable is a significant security vulnerability. If the agent's execution environment is compromised, this key could be exposed, leading to unauthorized access to user funds. There is no evidence of intentional malicious behavior (e.g., exfiltration of the key to an unauthorized endpoint, backdoors, or malicious prompt injection), but the method of handling such a critical credential makes the skill suspicious due to the high-risk vulnerability it introduces.
- External report
- View on VirusTotal