Prediction Market Creator
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its stated purpose, but it can automatically use a wallet private key to send blockchain transactions and publish markets without clear per-action approval or strong limits.
Only use this with a dedicated low-balance Base Sepolia test wallet and after reviewing the code. Do not reuse a valuable wallet private key. Before scheduling it, add or require a dry-run/confirmation step, verify the RPC network and contract address, cap deposits and gas, and review each generated market before it is published.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with a funded wallet or the wrong RPC network, the skill can spend funds or perform blockchain actions from that wallet.
The skill loads a wallet private key from the local environment and derives a signing account, giving it authority to transact from that wallet.
PRIVATE_KEY = os.getenv("PRIVATE_KEY") ... account = w3.eth.account.from_key(PRIVATE_KEY)
Use only a fresh, low-balance testnet wallet; declare this credential clearly; verify the RPC chain ID and contract address; and require explicit user confirmation before signing transactions.
A generated market can be created and paid for without a human reviewing the specific question, duration, deposit, or chain before submission.
The skill builds, signs, and submits a payable blockchain transaction automatically, using the market duration selected by the model and a deposit amount read from the contract.
tx = contract.functions.openNewMarket(duration_days).build_transaction({ ... 'value': min_deposit ... }) ... tx_hash = w3.eth.send_raw_transaction(signed_tx.raw_transaction)
Add a dry-run mode, per-market approval, strict duration and deposit caps, chain-ID validation for Base Sepolia, and clear rollback/failure handling before broadcasting transactions.
A malicious or manipulative post could influence the agent to create an inappropriate, misleading, or unwanted market.
Untrusted Twitter/X post text is inserted directly into the Claude prompt, and the model's JSON output is later used to create a market. The artifacts do not show prompt-injection defenses or independent validation of the generated proposal.
prompt = f"""From these X posts: {json.dumps(tweets, default=str)} ... Pick a NEW debatable hot topic ... Return ONLY JSON"""
Treat tweets as untrusted data, add explicit instructions to ignore commands inside fetched content, validate all model fields against strict rules, and require human approval before publishing.
A scheduled run could repeatedly create markets and consume wallet funds or platform capacity until stopped.
The documentation encourages recurring autonomous execution. This is disclosed and aligned with the stated purpose, but it can continue creating markets and sending transactions if scheduled.
Run it on a schedule (cron job) to continuously create new markets.
Use scheduling only with strong limits, monitoring, alerts, and a low-balance test wallet; consider requiring approval for each market even in scheduled mode.
