Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Polymarket-AutoTrade

v1.1.1

Polymarket prediction market CLI - Browse markets, check prices, execute trades, and manage portfolio.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for aplanckfish/polymarket-autotrade.

Install the skill "Polymarket-AutoTrade" (aplanckfish/polymarket-autotrade) from ClawHub.
Skill page: https://clawhub.ai/aplanckfish/polymarket-autotrade
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: POLYMARKET_PRIVATE_KEY, POLYMARKET_PROXY_ADDRESS
Required binaries: python3, pip
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install polymarket-autotrade

ClawHub CLI


npx clawhub@latest install polymarket-autotrade

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)

Purpose & Capability
Name/description (Polymarket CLI: browse, price, trade, portfolio) match the declared requirements: python3/pip, requests and py-clob-client, and wallet credentials (private key + proxy address). Requiring a private key and proxy address is expected for a trading client.
Instruction Scope
SKILL.md and skill.py keep scope focused on fetching market data and trading via Polymarket endpoints (gamma-api.polymarket.com, data-api.polymarket.com, clob.polymarket.com). The docs instruct storing credentials in ~/.openclaw or env vars and state signing is local. Note: recommending putting raw private key in openclaw.json is insecure by design; the skill will read env vars and config files as described.
Install Mechanism
Dependencies are standard Python packages (requests, py-clob-client) declared in pyproject/requirements.txt. No download-from-arbitrary-URL or extracted archives are present. This install spec is proportional to a Python CLI that interacts with Polymarket.
Credentials
Only two env vars are required: POLYMARKET_PRIVATE_KEY and POLYMARKET_PROXY_ADDRESS, and the primary credential is the private key — which is necessary for signing trades. That is proportionate to trading functionality but represents high-value secrets; the skill writes API credentials to ~/.openclaw/credentials/polymarket_api.json which is expected but sensitive.
Persistence & Privilege
Skill is not forced-always, is user-invocable, and stores credentials only under ~/.openclaw. It does not request system-wide configuration or other skills' credentials. Its persistence level is typical for a user-installed trading skill.
Assessment
This skill is internally consistent for a Polymarket trading CLI, but it requires your wallet private key — a high-value secret. Only install if you trust the code and the py-clob-client library. Before using:

  (1) Prefer setting credentials via environment variables rather than embedding raw keys in files;
  (2) Use a dedicated, funded-for-purpose wallet (as the docs recommend) — do NOT use your main wallet;
  (3) Ensure config files (~/.openclaw/credentials/*.json) have strict permissions (chmod 600);
  (4) Audit or review the trade-related code paths and the py-clob-client dependency to confirm signing happens locally and private key material is never transmitted in plain text;
  (5) Consider running the skill in an isolated environment or sandbox and monitor network calls to clob.polymarket.com and related Polymarket endpoints before trusting it with funds.

If you want a higher-assurance recommendation, provide the full trade-related functions from skill.py and confirm which py-clob-client version will be installed so they can be audited.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📈 Clawdis
OS: Linux · macOS
Bins: python3, pip
Env: POLYMARKET_PRIVATE_KEY, POLYMARKET_PROXY_ADDRESS
Primary env: POLYMARKET_PRIVATE_KEY

Install

uv: uv tool install requests
uv: uv tool install py-clob-client
latest: vk97c1s1rgvyfycaf8bgbhc50fh845zbr
96 downloads
0 stars
3 versions
Updated 3w ago
v1.1.1
MIT-0
Linux, macOS

polymarket

Polymarket prediction market CLI - Browse & Trade.

Setup

# Install dependencies
pip install -r requirements.txt

Configure credentials

Method 1: Via openclaw.json (Recommended)

Add to your ~/.openclaw/openclaw.json under skills.entries:

{
  "skills": {
    "entries": {
      "polymarket": {
        "env": {
          "POLYMARKET_PRIVATE_KEY": "your_wallet_private_key",
          "POLYMARKET_PROXY_ADDRESS": "0x_your_proxy_wallet_address"
        }
      }
    }
  }
}

Or use the shorthand apiKey field for the primary key:

{
  "skills": {
    "entries": {
      "polymarket": {
        "apiKey": "your_wallet_private_key",
        "env": {
          "POLYMARKET_PROXY_ADDRESS": "0x_your_proxy_wallet_address"
        }
      }
    }
  }
}

Method 2: Via config file (Legacy)

Create ~/.openclaw/credentials/polymarket.json:

{
  "private_key": "your_wallet_private_key",
  "proxy_address": "0x_your_proxy_wallet_address"
}

The skill checks env vars first, then falls back to the config file.

Credential details:

  • POLYMARKET_PRIVATE_KEY / private_key — Your wallet private key (from MetaMask or similar)
  • POLYMARKET_PROXY_ADDRESS / proxy_address — Your Polymarket proxy wallet address (from polymarket.com/settings)
  • API credentials (apiKey, secret, passphrase) are auto-generated on first trade and cached locally.

Security Warning

  • Strongly recommended: Use a dedicated wallet with limited funds, NOT your main wallet.
  • The private key is only used locally for signing transactions via py-clob-client. It is never transmitted to any endpoint other than clob.polymarket.com (Polymarket's official CLOB API).
  • If using config file method: chmod 600 ~/.openclaw/credentials/polymarket.json
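
An added example (not the skill's own code from skill.py) of the env-first, file-fallback lookup described above, with the chmod 600 requirement enforced before the legacy file is read. The function names and the exception class are hypothetical; the sample config is constructed with placeholder values.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Path taken from the README's "Method 2"; everything else here is illustrative.
LEGACY_CONFIG = Path.home() / ".openclaw" / "credentials" / "polymarket.json"


class InsecureCredentialFile(Exception):
    """Raised when a credential file is accessible beyond its owner."""


def check_owner_only(path):
    """Return the permission bits; raise if group or other have any access."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise InsecureCredentialFile(f"{path} has mode {mode:04o}; run chmod 600")
    return mode


def load_credentials(env=os.environ, config_path=LEGACY_CONFIG):
    """Env vars first, then the legacy JSON file, as the README describes."""
    key = env.get("POLYMARKET_PRIVATE_KEY")
    proxy = env.get("POLYMARKET_PROXY_ADDRESS")
    if key and proxy:
        return {"private_key": key, "proxy_address": proxy, "source": "env"}
    check_owner_only(config_path)  # refuse before any secret is read
    with open(config_path, encoding="utf-8") as fh:
        data = json.load(fh)
    return {"private_key": key or data["private_key"],
            "proxy_address": proxy or data["proxy_address"], "source": "file"}


def demo():
    """Constructed sample: placeholder config in a temp dir, loose then strict."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "polymarket.json"
        cfg.write_text('{"private_key": "PLACEHOLDER", "proxy_address": "0xPLACEHOLDER"}')
        results = []
        for mode in (0o644, 0o600):
            os.chmod(cfg, mode)
            try:
                results.append(load_credentials({}, cfg)["source"])
            except InsecureCredentialFile:
                results.append("rejected")
        return results
```

The same permission check applies to the cached ~/.openclaw/credentials/polymarket_api.json, which holds the auto-generated API credentials.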

Commands

Browse Markets

polymarket trending                     # Homepage (featured order)
polymarket trending geopolitics          # By category
polymarket trending crypto
polymarket trending sports
polymarket trending politics
polymarket trending business
polymarket trending entertainment
polymarket trending tech

Event Details

polymarket detail us-strikes-iran-by
polymarket event us-strikes-iran-by     # Simple overview

Trading

# Check price
polymarket price <token_id>

# Trade (requires credentials)
polymarket buy <token_id> <amount>     # Buy with USDC
polymarket sell <token_id> <amount>    # Sell USDC worth

# Example
polymarket buy 40081275558852222228080198821361202017557872256707631666334039001378518619916 2

Portfolio

polymarket position                     # From config wallet
polymarket position <wallet_address>
polymarket balance                    # From config wallet
polymarket balance <wallet_address>

Natural Language Triggers

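Browse Markets

  • "Polymarket 有什么热门市场" (What are the hot markets on Polymarket)
  • "显示当前趋势" (Show current trends)
  • "查看政治预测市场" (View political prediction markets)
  • "加密货币市场怎么样" (How is the crypto market doing)
  • "体育博彩市场" (Sports betting markets)
  • "商业/经济类预测市场" (Business/economy prediction markets)
  • "娱乐新闻相关" (Entertainment news related)
  • "What's trending on Polymarket"
  • "Show me popular prediction markets"

Event Details

  • "2028共和党候选人详情" (2028 Republican nominee details)
  • "伊朗战争市场详细信息" (Iran war market details)
  • "J.D. Vance 当前概率多少" (What is J.D. Vance's current probability)
  • "这个市场什么意思" (What does this market mean)
  • "Show me details about [event name]"
  • "What are the odds for [outcome]"
  • "Explain this market"

Trading

  • "买入 J.D. Vance YES" (Buy J.D. Vance YES)
  • "买 2 美元" (Buy 2 dollars' worth)
  • "做多比特币" (Go long on Bitcoin)
  • "下注 5 美元" (Bet 5 dollars)
  • "Buy [token/outcome]"
  • "I want to buy [amount] USDC of [outcome]"
  • "Place a bet on [outcome]"
  • "Long [market]"

Portfolio

  • "我的仓位" (My positions)
  • "我的持仓" (My holdings)
  • "还剩多少钱" (How much money is left)
  • "当前余额" (Current balance)
  • "My positions"
  • "Show me my balance"
  • "How much USDC do I have"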

Features

  • Env-first credentials - Reads POLYMARKET_PRIVATE_KEY / POLYMARKET_PROXY_ADDRESS from env, falls back to config file
  • Auto API credentials - Generated on first trade and cached to ~/.openclaw/credentials/polymarket_api.json
  • Default wallet - Uses proxy_address from config for position/balance commands
  • Local-only signing - Private key never leaves your machine; only signed transactions are sent to Polymarket CLOB API

APIs
