ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Polymarket Arb Scanner Pro

v1.0.0

Scans top Polymarket markets for pure arbitrage where YES + NO < $0.94, enabling risk-free simultaneous Fill-or-Kill trades with liquidity and risk controls.

0· 106·0 current·0 all-time
byMike@themsquared

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for themsquared/polymarket-arb-scanner-pro.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Polymarket Arb Scanner Pro" (themsquared/polymarket-arb-scanner-pro) from ClawHub.
Skill page: https://clawhub.ai/themsquared/polymarket-arb-scanner-pro
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install polymarket-arb-scanner-pro

ClawHub CLI

Package manager switcher

npx clawhub@latest install polymarket-arb-scanner-pro
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The code implements a Polymarket arb scanner and executor consistent with the name/description. However, the registry metadata declares no required environment variables or credentials while both SKILL.md and the script require PRIVATE_KEY and WALLET_ADDRESS — a clear mismatch. SKILL.md also claims 'SQS integration for automated execution' but there is no SQS code in the repository.
!
Instruction Scope
Runtime instructions (SKILL.md) direct the user to store a raw PRIVATE_KEY and WALLET_ADDRESS in .env or env vars and to run the script which can place real market orders. The script reads .env, calls Polymarket/Gamma APIs, and will execute market trades when run with --buy. The instructions do not attempt to read unrelated system files, nor do they transmit data to external endpoints beyond Polymarket/CLOB hosts — but they do instruct providing a highly sensitive private key and describe automated execution flows that could move real funds.
Install Mechanism
No install spec is provided (instruction-only), and the SKILL.md asks to pip install requests and polymarket-clob-client. There are no downloads from arbitrary URLs or archive extraction. Installing the python dependency from PyPI is expected for this functionality and is moderate-risk but standard.
!
Credentials
The skill requires a Polygon wallet PRIVATE_KEY and WALLET_ADDRESS to create a CLOB client and place orders — those credentials are necessary for execution, but the registry metadata did not declare them. The code calls client.create_or_derive_api_creds() after instantiating ClobClient with the private key; it's unclear whether that function exposes the private key to a remote service or derives credentials locally, which increases risk. Requesting a raw private key is high sensitivity and should be justified and audited before use.
Persistence & Privilege
The skill is not force-included (always:false) and does not request persistent system-level privileges. It does not modify other skills' configurations. It will, if run, create API credentials via the CLOB client and place orders on Polymarket, which is expected behavior for an execution skill.
What to consider before installing
This skill will attempt to place real trades using a Polygon wallet private key. Before installing or running: 1) Do not provide your primary wallet private key. Use a dedicated deployment wallet with minimal funds and strict limits. 2) Inspect the py_clob_client (polymarket-clob-client) package source — especially the implementation of create_or_derive_api_creds() — to verify it does not send your raw private key to an external server. 3) Confirm SKILL.md claims (SQS integration) match the code; if you need automated execution, ask the author for details or code for the SQS integration. 4) Run the script in dry-run mode first (--buy omitted) and review network calls (e.g., via a proxy) to confirm only expected endpoints (gamma-api.polymarket.com, clob.polymarket.com) are contacted. 5) If you plan to execute trades, consider hardware signers or separate signer services rather than embedding raw keys in .env, and review/limit the wallet's on-chain allowance. Given the missing metadata and the sensitivity of the key usage, proceed only after code and dependency review or treat this as untrusted code.

Like a lobster shell, security has layers — review code before you run it.

arbitragevk976mewjpvfvr49b7jydw5jghx83dzbflatestvk976mewjpvfvr49b7jydw5jghx83dzbfpolymarketvk976mewjpvfvr49b7jydw5jghx83dzbfprediction-marketsvk976mewjpvfvr49b7jydw5jghx83dzbftradingvk976mewjpvfvr49b7jydw5jghx83dzbf
106downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Mike@themsquared
arbitragelatestpolymarketprediction-marketstrading
Download

Polymarket Arb Scanner Pro

Pure math arbitrage on Polymarket. Finds markets where YES + NO < $0.94 (6¢+ gap). No prediction required — guaranteed profit at resolution. Includes liquidity filter, market blacklist, and SQS integration for automated execution.

What It Does

  • Scans up to 500 Polymarket markets sorted by 24h volume
  • Finds YES + NO sum < $1.00 — pure arbitrage with locked-in profit
  • Default minimum edge: 2¢ (covers gas + slippage)
  • Executes both legs as Fill-or-Kill (FOK) — no leg risk
  • Risk manager integration (position limits, rate limiting)
  • Kelly-like sizing within deployable balance

The Math

If YES costs 45¢ and NO costs 50¢ = total 95¢ to hold both. At resolution, one pays $1.00. Locked-in profit: 5¢ on 95¢ deployed = 5.3% risk-free return.

edge = 1.00 - (yes_price + no_price)
profit = edge * deploy_size

Setup

pip install requests

Configure .env in script directory:

PRIVATE_KEY=your_polygon_private_key  
WALLET_ADDRESS=0xYourPolymarketWallet

Or export as environment variables.

Usage

# Scan only (dry run)
python3 arb_scanner.py

# Set minimum edge
python3 arb_scanner.py --min-edge 0.04

# Scan more markets
python3 arb_scanner.py --limit 1000

# Execute found arbs
python3 arb_scanner.py --buy

# Execute with custom deployment size
python3 arb_scanner.py --buy --max-deploy 100

Execution

  • Both legs execute as FOK simultaneously
  • If either leg fails → no position taken (safe)
  • Maximum 3 arbs executed per run
  • Keeps $10 reserve in wallet at all times

Risk Management

Integrates with risk_manager.py if present:

  • Per-market position limits
  • Rate limiting (no order spam)
  • Portfolio exposure tracking

Output Example

⚡  POLYMARKET ARB SCANNER
    Min edge: 2.0% | Scanning 500 markets

📡 Fetching markets...
   483 markets loaded

⚡ Found 3 arb opportunity(ies):

  Edge    YES      NO    Vol24h  Question
  ----   ---      --    ------  --------
  4.2%  48.0%  47.8%  $892,341  Will Bitcoin exceed $100k by March?
  3.1%  31.0%  65.9%   $45,201  Will Fed cut rates in March 2025?
  2.3%  72.1%  25.6%  $234,882  Will the Lakers win the championship?

Requirements

  • Python 3.9+
  • py_clob_client: pip install polymarket-clob-client
  • Polymarket wallet with USDC on Polygon

Notes

Pure arb opportunities are rare (market is fairly efficient). This scanner checks the top volume markets where pricing inefficiencies are most likely due to high trading activity and bid-ask spread dynamics.

Comments

Loading comments...