Skill v1.0.0
ClawScan security
Polymarket Api Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 1:43 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requested resources are coherent with its stated purpose (querying Polymarket's public API); it does not request credentials, install code from remote URLs, or perform unexplained actions.
- Guidance
- This skill appears coherent and low-risk, but review these practical points before installing or running it:
  - The script makes outbound requests to gamma-api.polymarket.com only; confirm that domain is expected for Polymarket in your environment.
  - Avoid large limits or wide enumeration (the script uses limit=100 for local search); prefer --top or targeted --search/--slug to reduce load and respect API rate limits.
  - If you request saving output, follow the SKILL.md guardrails: save only inside the current working directory and never to symlinks that resolve outside CWD.
  - If you operate in a high-security environment, inspect the script locally before running and/or run it in a network-restricted sandbox to confirm behavior.
  - The SAFETY.md guardrails are helpful and should be followed by the agent; if you need different behavior (e.g., automated uploads), expect to explicitly override guardrails and accept the associated risks.
Review Dimensions
- Purpose & Capability
- ok · The name/description say "query Polymarket" and the included script calls Polymarket's public gamma-api.polymarket.com endpoints (/markets, /events). No credentials, unrelated binaries, or unrelated config paths are requested — the requested capabilities match the stated purpose.
- Instruction Scope
- ok · SKILL.md instructs running the included CLI script and documents the same endpoints the code uses. Guardrails in SKILL.md/SAFETY.md explicitly prohibit writing outside CWD, sending data to external endpoints, and excessive enumeration. The script itself only performs HTTP GETs to Polymarket and prints JSON/text to stdout; it does not read secrets or system files. One minor note: the search implementation fetches up to 100 markets and filters them locally, which is heavier than a single small query but still bounded and documented.
- Install Mechanism
- ok · There is no install spec and no remote download/install operations. This is an instruction-only skill plus a small local Python script — nothing is fetched or executed from an untrusted URL during install.
- Credentials
- ok · The skill requires no environment variables, credentials, or config paths. That is proportionate for a read-only consumer of a public API.
- Persistence & Privilege
- ok · always:false is set and the default user-invocation and autonomous-invocation settings are used. The skill does not request persistent system privileges or modify other skills' configs.
