Back to skill
Skillv0.1.5
VirusTotal security
Polymarket CLI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:22 AM
- Hash
- 4ae41a988c9a04ec4118167f6a41615f13c2b8bbba468e91b0f3df160b526ca1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: poly-cli Version: 0.1.5 The skill provides a CLI interface for Polymarket that handles sensitive operations, including importing and overriding private keys via command-line arguments and configuration files (SKILL.md, commands.md). It explicitly directs the agent to install software using a high-risk 'curl | sh' pattern from a remote GitHub repository (https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh), which is a common vector for supply chain attacks and arbitrary code execution. While these capabilities are functionally relevant to a trading tool, the combination of raw credential handling and unverified remote script execution presents a significant security risk.
- External report
- View on VirusTotal