Polymarket Auto-Trader
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The bot can commit real funds to prediction-market orders and can lose money if the model, market data, sizing logic, or timing is wrong.
The code creates and posts live Good-Till-Cancelled Polymarket orders. This is purpose-aligned, but it is a high-impact financial action performed by automation rather than requiring a human approval for each order.
signed = client.create_order(order_args) resp = client.post_order(signed, OrderType.GTC)
Use only a dedicated wallet with a small test balance, add a dry-run mode and hard daily/lifetime trading caps, and require manual confirmation until the strategy is proven safe.
If the VPS, private key, or approved contracts are compromised, funds in the wallet could be spent or lost.
The approval script uses the wallet private key and grants effectively unlimited token allowances. The SKILL.md discloses this, but the authority is broad and financially sensitive.
PRIVATE_KEY = os.environ["PRIVATE_KEY"]
MAX_UINT = 2**256 - 1
("USDC.e → CTF Exchange", usdc.functions.approve(..., MAX_UINT))Never use a main wallet. Fund a new wallet only with money you are willing to lose, restrict file permissions, review contract addresses, and revoke allowances when done.
Misleading or adversarial market text could influence the model's probability estimate and cause the bot to place bad trades.
External market question and description text are inserted directly into the LLM prompt, and the resulting number drives automated trade decisions.
prompt = f"Estimate TRUE probability ...\n\nQ: {market['question']}\nDesc: {market['description'][:200]} ... Reply ONLY a number."Treat market text as untrusted input, add prompt-injection-resistant formatting and validation, and require human review for trades triggered by ambiguous or unusual market descriptions.
The bot may continue placing orders after the user forgets about it, after market conditions change, or after the VPS is no longer actively monitored.
The documented deployment runs the trading script every 10 minutes. This persistence is disclosed and central to the product, but it keeps operating with financial authority until stopped.
Add: */10 * * * * cd /opt/trader/app && /opt/trader/bin/python3 run_trade.py >> cron.log 2>&1
Know how to disable the cron job before enabling it, monitor logs and open orders, and add an expiration date or kill switch.
Using a VPS to access a restricted trading service may create legal, regulatory, or account-enforcement risk depending on the user's location and status.
The skill explicitly instructs use of a non-US VPS for access. This is disclosed, but users could misread technical access as legal or platform eligibility.
Polymarket blocks US IPs. Use DigitalOcean Amsterdam, Hetzner EU, etc. ... All API calls must originate from non-US IP. VPN insufficient; use actual non-US VPS.
Use the skill only if you are legally allowed to trade on Polymarket and comply with the platform's terms and local laws.
Users following the manual command may install newer dependency versions than the author tested.
The manual setup path installs Python packages without version pins, although the included setup_vps.sh script uses pinned versions.
/opt/trader/bin/pip install py-clob-client python-dotenv web3 requests
Prefer the pinned setup script or pin and verify package versions before running the trader with wallet authority.
Local files may reveal trading activity, and tampering with them could affect future trading or reporting.
The bot persists local budget and trade history files, and trades.jsonl affects future behavior by suppressing repeat trades for logged markets.
BUDGET_PATH = WORKSPACE / "budget_spent.txt"
LOG_PATH = WORKSPACE / "trades.jsonl"
existing.add(d.get("market",""))Protect the trader directory with strict permissions, back up logs, and review local state before restarting automation.