Polymarket via Gina

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill is clearly for Polymarket trading, but it connects a long-lived trading token and supports automated real-money trades with limited visible safeguards.

Install only if you trust askgina.ai and understand that Polymarket trading uses real money. Verify the URL, keep the token private, start with read-only queries, use limited funds, require confirmations where possible, set strict automation limits, and know how to pause automations and revoke tokens.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A misunderstood prompt, compromised session, or unsafe automation could place trades, cancel orders, or otherwise change financial positions.

Why it was flagged

The skill exposes real-money trading and account-mutation actions. The artifact only states that large trades require confirmation, so approval requirements for smaller trades or automated trades are not clearly bounded.

Skill content

Place market orders and limit orders on Polymarket ... View and cancel open orders ... Redeem winnings ... Large trades require explicit confirmation before executing.

Recommendation

Use read-only prompts first, require confirmation for every trade where possible, set strict spend and market limits, and avoid enabling trading automations until you understand the safeguards.

What this means

Anyone who obtains the token may be able to access the Gina/Polymarket integration and potentially affect trading activity until the token expires or is revoked.

Why it was flagged

The setup requires a long-lived credential that the artifact itself compares to a private key. That token appears to delegate access to trading functionality, but the artifacts do not describe fine-grained token scopes or limits.

Skill content

Authorization: Bearer <PASTE_TOKEN_HERE> ... Auth: Long-lived JWT token generated at https://askgina.ai/agent-setup. Tokens expire after 90 days ... Treat your token like a private key

Recommendation

Only paste the token into trusted MCP clients, verify the askgina.ai domain, use a separate low-balance wallet/account if possible, and revoke the token immediately if exposed.

What this means

An automation could continue making trading decisions after the initial setup, creating ongoing financial exposure.

Why it was flagged

The skill supports persistent scheduled jobs and fully automated strategies that can trade on the user's behalf. The artifact says they can be managed, but does not define default stop conditions, budgets, or approval boundaries.

Skill content

Set up Recipes — scheduled automations that trade or alert on your behalf ... Set up fully automated trading strategies that scan, filter, trade, and journal for you.

Recommendation

Define explicit budgets, duration, stop-loss or cancellation rules, and review/pause/delete automations regularly.

What this means

The provider may receive trading prompts, account-related requests, and token-authorized actions.

Why it was flagged

The skill routes MCP requests and the Bearer token to an external Gina server. This is expected for the integration and is disclosed, but users should understand that prompts and trading-related interactions leave the local client.

Skill content

Server URL: https://askgina.ai/ai/predictions/mcp ... transport: http ... headers: { Authorization: Bearer <PASTE_TOKEN_HERE> }

Recommendation

Use the integration only if you trust Gina's service, keep the token private, and avoid sending unrelated sensitive information in prompts.