Polymarket via Gina
Static analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken, ambiguous, or poorly reviewed command could cause trades, order cancellations, or redemptions involving real funds.
The skill exposes real-money financial mutation tools. The only approval guarantee shown is for large trades, so the approval and containment model for smaller trades and other account actions is under-specified.
- Place market orders and limit orders on Polymarket
- Track your positions, P&L, and win rate
- View and cancel open orders
- Redeem winnings from resolved markets
...
- **Safety**: Large trades require explicit confirmation before executing.
Use read-only queries first, require confirmation for every trade if the client supports it, set strict per-trade and daily limits, and avoid giving broad trading instructions until you understand the approval flow.
An automation could continue making financial decisions after setup, potentially causing unexpected losses or repeated trades.
The skill can create persistent scheduled automations that trade on the user's behalf. The supplied artifacts do not specify clear limits, expiration, kill-switch behavior, or per-trade review for those automations.
- Set up Recipes — scheduled automations that trade or alert on your behalf.
...
- Set up fully automated trading strategies that scan, filter, trade, and journal for you.
Only create automations with explicit budgets, market scopes, time limits, and stop conditions; confirm that you can list, pause, and delete them before enabling trading automation.
Connecting the account may allow the Gina/Privy flow to initiate Polymarket actions according to the permissions you approve.
OAuth, wallet access, and on-chain trading are disclosed and purpose-aligned, but they grant sensitive financial authority.
- **Auth**: OAuth 2.1 with PKCE — your client handles it automatically. No API keys to manage.
- **Wallets**: Self-custodial via [Privy](https://privy.io). You own your keys.
- **Trades**: Execute on-chain on Polymarket (Polygon / USDC).
Verify the askgina.ai domain, review the OAuth/authorization screens carefully, do not provide private keys, and consider using a small, separate wallet for testing.
Your market queries, trading instructions, and account-related interactions may be sent to the external MCP provider.
The skill routes MCP interactions through an external Gina server. This is disclosed, but the artifacts do not detail data retention, tool boundaries, or permission scopes for the remote service.
**Server URL:** `https://askgina.ai/ai/predictions/mcp`
1. Add the server URL to your MCP client
...
2. Your client opens a browser for sign-in — log in to Gina and approve access
Review Gina's terms and privacy information, connect only if you trust the provider, and avoid sending unrelated sensitive information through this MCP connection.
