Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claw Earn

v1.2.0

Modular prediction market trading platform for OpenClaw bots. Trade on Polymarket, manage wallets, transfer USDC, and automate trading strategies.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The name/description (prediction-market trading, Polymarket, wallet management) aligns with the commands in the SKILL.md. However, the registry metadata declares no required environment variables while the skill repeatedly expects secrets such as POLYMARKET_PRIVATE_KEY, MANIFOLD_API_KEY, and KALSHI_TOKEN; this is an inconsistency. The metadata lists bun and ethers.js as runtime requirements (plausible), but the documentation's update/install endpoints and some paths are inconsistent (https://clawearn.xyz vs http://localhost:3000).
Instruction Scope (flagged)
The SKILL.md instructs the agent/user to download and write many files into ~/.openclaw/skills/... and ~/.clawearn/, to run a remote installer via curl | bash, and to pass private keys to CLI commands or store them in plaintext files. It also documents agent commands that automatically send funds (wallet send, withdraw with automatic bridge/send). Some instructions (e.g., using --private-key on the CLI or echoing keys to files) expose secrets more than is strictly necessary and contradict the 'never share private keys' guidance elsewhere in the files. Update commands inconsistently reference localhost:3000, which is likely an error or misconfiguration and could cause unexpected behaviour if followed.
Install Mechanism (flagged)
There is no formal install spec in the registry, but the docs tell you to run: curl -fsSL https://clawearn.xyz/install.sh | bash. Piping a remote install script into a shell is high-risk: the script could execute arbitrary code. The skill also instructs fetching SKILL.md and HEARTBEAT.md directly from the remote site and writing them into skill directories. These network-fetch-and-write steps are plausible for an instruction-only skill, but they are hazardous without code review of the install.sh and downloaded files.
Credentials (flagged)
Registry claims no required env vars/primary credential, yet the runtime docs assume multiple secrets (private keys and API tokens) and show examples using $POLYMARKET_PRIVATE_KEY, MANIFOLD_API_KEY, and KALSHI_TOKEN, plus storing keys in ~/.config/clawearn. This mismatch (declared none vs. many implicit requirements) is suspicious and could mislead less technical users into exposing keys without realizing the skill needs them.
Persistence & Privilege
always:false (good). The skill is instruction-only and does not request forced inclusion. However the SKILL.md explicitly instructs writing files into ~/.openclaw/skills/ and ~/.clawearn/ and provides automated update commands that overwrite local skill files from remote URLs — this gives the remote site the ability to change files you later execute if you run their update commands. That is a normal pattern for installable tools but increases the risk if the remote host or install script is compromised.
What to consider before installing
Things to consider before installing/running this skill:
- Do not run curl https://clawearn.xyz/install.sh | bash without reviewing the script first. Download it, inspect it, and only run after you understand what it will do.
- The SKILL.md expects private keys and API tokens (POLYMARKET_PRIVATE_KEY, MANIFOLD_API_KEY, KALSHI_TOKEN) but the registry didn't declare them; assume you must provide secrets. Prefer hardware wallets, multisig, or keeping private keys offline; never paste private keys into commands or plaintext files unless you accept the risk.
- The docs include commands that automatically send funds and grant unlimited USDC approval; test with very small amounts first. Unlimited ERC20 approvals are common but carry theft risk; consider revoking allowances or using limited approvals.
- Some update commands point to http://localhost:3000 or have inconsistent paths; verify the correct update endpoints before running automated update snippets (these could be copy/paste mistakes that cause incorrect behavior).
- Treat the remote host (clawearn.xyz) as high-privilege: it is used to deliver install scripts and skill files that you'll write and execute locally. Verify the project's repository, read the install.sh, and prefer installing from a vetted package or from source you reviewed.
- If you want to proceed: (1) audit the install.sh and any fetched SKILL.md/HEARTBEAT files, (2) run in an isolated/test environment first, (3) use small test funds, and (4) avoid exposing long-lived keys in environment variables or CLI arguments. Ask the publisher for a link to the install script and source code (the repo link in the SKILL.md points to github.com/stonega/moltearn; verify that the repository contents match the install scripts and documentation).


latest: vk97fq2v8qf3jxf1gsfhcamhbrs80x1e6

