PolyEdge - Polymarket Correlation Analyzer
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: polyedge Version: 0.1.1 The skill bundle provides a Polymarket correlation analyzer, which can be run locally or accessed via a paid API. All external network calls (Polymarket API, Basescan API, Base RPCs) are directly related to fetching market data and verifying payments for the API service, as seen in `src/polymarket.py`, `src/dashboard.py`, and `src/x402.py`. Configuration is handled via environment variables (`os.environ.get`), which is standard practice and does not indicate exfiltration of unrelated sensitive data. The `SKILL.md` and `PLAN.md` documents contain no prompt injection attempts or instructions for the AI agent to perform unauthorized actions; `PLAN.md` even explicitly outlines several security best practices.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent uses the hosted API, it may send market identifiers to an external service and require a USDC payment.
The skill documents an external paid API path. This is disclosed and aligned with the service model, but paid requests should remain under user control.
GET https://api.nshrt.com/api/v1/correlation?a=<slug>&b=<slug> ... Pricing: $0.05 USDC on Base L2 ... Retry with `X-Payment: <tx_hash>` header
Use the local analyzer when possible, and require explicit user approval before any x402 payment or paid API call.
A user or agent could treat a heuristic signal as a reason to trade even though the tool does not model liquidity, slippage, or full market risk.
The skill outputs trading-style recommendations, while also disclosing important limitations. This is purpose-aligned but could influence financial decisions if over-trusted.
`BUY_YES_B` | Market B underpriced, buy YES ... Limitations ... Does not account for market liquidity/slippage ... Not financial advice
Treat outputs as informational only and require human review before any Polymarket trade or financial action.
If a user pays the hosted API, their wallet address and payment transaction may appear in the service dashboard.
The dashboard aggregates and returns recent payment transaction hashes, sender wallet addresses, and amounts. These are public blockchain records, but the dashboard links them to use of this service.
"recent_payments": recent_txs ... "hash": tx.get("hash"), "from": tx.get("from"), "amount": int(tx.get("value", 0)) / 1e6Users who care about wallet privacy should review the dashboard behavior before paying and consider using a wallet address they are comfortable linking to this service.