Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Polymarket Temperature Event Follower
v1.0.1 · Automated trader for Polymarket weather highest temperature markets. Scans global weather markets and executes buys during local morning window (9-10 AM) whe...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw · Verdict: Suspicious (high confidence)
Purpose & Capability
The skill is advertised as a Polymarket weather-event trader, so it is expected to need Polymarket credentials. However, the registry metadata lists no required environment variables or credentials, while the code reads and uses several sensitive values (PRIVATE_KEY, PROXY_WALLET, POLY_API_KEY, POLY_API_SECRET, POLY_API_PASSPHRASE, SKILLPAY_USER_ID). Requirements that are present in the code but absent from the metadata are an inconsistency that prevents an informed install decision.
Instruction Scope
SKILL.md explicitly instructs users to export their MetaMask private key, put it into .env, and run sniper.py --live --once to derive L2 credentials; in other words, the runtime instructions require entering your wallet private key into the tool. The instructions also direct the agent/user to call external endpoints (Polymarket gamma/clob APIs and a SkillPay billing endpoint) and to persist state to disk. Asking for raw private keys and automating their use increases the attack surface and calls for clear, transparent handling; here neither the guidance nor the code fully surfaces how keys are transmitted or stored.
Install Mechanism
There is no packaged install spec; the project is instructions plus Python code and uses a requirements.txt (pip installs from PyPI). No arbitrary URL downloads or archive extracts are present in the manifest. Installing py-clob-client and the other dependencies from PyPI is expected for a trading bot but carries the usual PyPI supply-chain risk: verify package provenance, pin exact versions, and prefer installing with hash checking (pip install --require-hashes -r requirements.txt) so that a substituted package fails the install instead of running.
Credentials
Requesting a wallet PRIVATE_KEY and Polymarket API credentials is consistent with a trading bot, but the registry says 'none': a mismatch. More importantly, the code contains a hardcoded SKILL_BILLING_API_KEY and SKILL_ID (a developer-configured billing secret) that are used to call the billing endpoint; the user is asked only for SKILLPAY_USER_ID, not for a billing API key. Billing calls are therefore made with an embedded secret controlled by the skill author. This is a transparency and trust issue: it implies the author/operator receives or controls billing and could bill the supplied user_id without any billing key of the user's own.
Persistence & Privilege
The skill writes state (state.json) and caches to disk (cache/...), which is normal for a bot. It does not request 'always:true' or other elevated platform privileges. However, because it expects private keys and API credentials, those secrets will be loaded into memory and may be persisted or printed (the docs show instructions to copy derived L2 credentials into .env). Users should assume local files may contain sensitive data unless they inspect the code to confirm otherwise.
What to consider before installing
Key points before installing or running this skill:
- Mismatch warning: The skill registry claims no required environment variables, but the code requires highly sensitive values (PRIVATE_KEY, PROXY_WALLET, POLY_API_KEY/POLY_API_SECRET/POLY_API_PASSPHRASE, SKILLPAY_USER_ID). Treat that as a red flag — metadata should accurately disclose required credentials.
- Private key risk: The instructions explicitly tell you to export your MetaMask private key and place it in .env. Never put a primary wallet private key into third‑party code. If you proceed at all, create and fund a dedicated throwaway wallet with only minimal funds you can afford to lose.
- Embedded billing key: The code contains a hardcoded SKILL_BILLING_API_KEY and SKILL_ID. That means billing calls will be made using the author's embedded key (not your own). Expect the skill to attempt to charge SKILLPAY_USER_ID (your wallet address) via that endpoint. If you don't trust the author, do not run live; ask for a version that uses your own billing key or removes automatic billing.
- Test in dry-run and inspect code: Always run with --dry-run and --once first. Manually read the billing_charge() implementation and any network calls to see exactly what data is POSTed to skillpay.me and polymarket endpoints. Confirm whether private keys or derived secrets are ever transmitted off your machine.
- Limit exposure: If you must test live, use a new wallet with a tiny balance, and immediately after testing rotate the Polymarket API credentials and move any remaining funds out of that wallet (a leaked private key cannot be revoked, only abandoned). Consider running in an isolated environment (VM/container) and ensure .env and state.json are excluded from backups and version control.
- Supply-chain check: Review the PyPI dependencies (especially py-clob-client) before installing; verify package authors and versions. Prefer to run the code in source form so you can audit it rather than blindly installing packages.
- If uncertain: do not run --live. Ask the skill author to (1) correct the registry metadata to list required env vars, (2) remove embedded billing secrets or document who is charged and how, and (3) provide minimal, auditable code that keeps private keys local and never uploads them elsewhere.
Like a lobster shell, security has layers — review code before you run it.
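The three manual checks above (env vars read by the code versus those declared in the registry, hardcoded secret-looking literals, and what each outbound HTTP call sends) can be done mechanically on any Python skill before running it. The script below is an added example written for this page, not the skill's own code or part of the ClawHub scanner; it walks the AST of a constructed sample source (the sample, the billing URL, and the variable names in it are assumptions that mirror the scan's description, not the real file) and reports the findings a reviewer would compare against the registry metadata.

```python
import ast
import re

# Constructed sample source standing in for a skill's Python file (not the
# real skill's code); it exercises every check in the auditor below.
SAMPLE_SOURCE = '''
import os
import requests

SKILL_ID = "weather-follower"
SKILL_BILLING_API_KEY = "sk_live_0123456789abcdef0123456789abcdef"
GAMMA_URL = "https://gamma-api.polymarket.com/markets"

PRIVATE_KEY = os.environ["PRIVATE_KEY"]
PROXY_WALLET = os.getenv("PROXY_WALLET")
user_id = os.environ.get("SKILLPAY_USER_ID")

def billing_charge(amount):
    return requests.post("https://skillpay.me/api/charge",
                         json={"user_id": user_id, "amount": amount},
                         headers={"X-API-Key": SKILL_BILLING_API_KEY})
'''

# Environment variables the registry metadata declares: empty here, as on
# the page, which is exactly the mismatch the scan flagged.
DECLARED_ENV = set()

SECRET_NAME = re.compile(r"KEY|SECRET|TOKEN|PASSPHRASE|PASSWORD", re.I)
HTTP_METHODS = {"get", "post", "put", "patch", "delete", "request"}


def _is_os_environ(node):
    """True for the expression `os.environ`."""
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os")


class SkillAuditor(ast.NodeVisitor):
    """Collects env-var reads, secret-looking literals and outbound HTTP calls."""

    def __init__(self):
        self.env_vars = set()
        self.hardcoded_secrets = []   # (name, line)
        self.network_calls = []       # one dict per HTTP call found

    def visit_Subscript(self, node):
        # os.environ["NAME"]  (Python 3.9+: node.slice is the index expression)
        if _is_os_environ(node.value) and isinstance(node.slice, ast.Constant):
            self.env_vars.add(node.slice.value)
        self.generic_visit(node)

    def visit_Call(self, node):
        f = node.func
        if isinstance(f, ast.Attribute):
            reads_env = (
                (f.attr == "getenv" and isinstance(f.value, ast.Name) and f.value.id == "os")
                or (f.attr == "get" and _is_os_environ(f.value))
            )
            if reads_env and node.args and isinstance(node.args[0], ast.Constant):
                self.env_vars.add(node.args[0].value)      # os.getenv / os.environ.get
            elif f.attr in HTTP_METHODS and not reads_env:
                self.network_calls.append(self._describe_http_call(node, f.attr))
        self.generic_visit(node)

    def visit_Assign(self, node):
        # NAME = "literal" where NAME looks like a credential
        target = node.targets[0] if len(node.targets) == 1 else None
        if (isinstance(target, ast.Name) and SECRET_NAME.search(target.id)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            self.hardcoded_secrets.append((target.id, node.lineno))
        self.generic_visit(node)

    @staticmethod
    def _describe_http_call(node, method):
        url = node.args[0].value if node.args and isinstance(node.args[0], ast.Constant) else None
        # Every variable referenced in the payload keywords: this is what leaves the machine.
        refs = {n.id for kw in node.keywords for n in ast.walk(kw.value) if isinstance(n, ast.Name)}
        return {"method": method, "url": url, "line": node.lineno,
                "sends": sorted(kw.arg for kw in node.keywords if kw.arg),
                "references": sorted(refs)}


def audit(source, declared_env):
    """Parse `source` and return the findings to compare against the registry metadata."""
    auditor = SkillAuditor()
    auditor.visit(ast.parse(source))
    return {
        "undeclared_env": auditor.env_vars - set(declared_env),
        "hardcoded_secrets": auditor.hardcoded_secrets,
        "network_calls": auditor.network_calls,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_SOURCE, DECLARED_ENV)
    print("env vars read but not declared:", sorted(report["undeclared_env"]))
    print("secret-looking literals:", report["hardcoded_secrets"])
    for call in report["network_calls"]:
        print(f"{call['method'].upper()} {call['url']} sends {call['sends']} "
              f"referencing {call['references']}")
```

Run it against the skill's real files by replacing SAMPLE_SOURCE with the contents of sniper.py and DECLARED_ENV with whatever the registry lists. The "references" list for each call is the check from the "Test in dry-run and inspect code" point: if PRIVATE_KEY or a derived secret appears in the payload of a call to a non-Polymarket host, the key is leaving your machine. The AST pass is deliberately conservative (it only resolves literal URLs and direct variable names), so treat a clean report as a starting point for reading billing_charge() by hand, not as proof of safety.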
Version: latest (vk978p88hnfm4apdg71dtrt0jbs83m9t8)
