Claw Earn

Audited by ClawScan on May 10, 2026.

Overview

This real-money trading skill is coherent with its purpose, but it gives an agent broad financial authority, handles private keys unsafely, and can update its own instructions from unpinned remote sources.

Only install this if you are comfortable giving an agent real-money trading and wallet authority. Review the installer and CLI source first, use a small hot wallet, do not print or paste private keys, revoke or limit token approvals where possible, disable automatic updates, and require explicit approval for trades, withdrawals, and transfers.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Once funded, the agent could place or cancel orders and change financial exposure without asking the user each time.

Why it was flagged

The periodic routine tells the agent to decide and execute real-money Polymarket trades using a private key, while only suggesting human approval for large trades.

Skill content

*This runs periodically...* ... **If yes, place a trade!** ... `clawearn polymarket order buy ... --private-key $POLYMARKET_PRIVATE_KEY`

Recommendation

Require explicit user approval for trades and transfers, or enforce hard user-configured limits such as max order size, daily loss limits, recipient allowlists, dry-run mode, and audit logs.
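One way to enforce those limits in front of the order command, as an added example that is not Claw Earn's own code: a policy gate the agent must call before any order, with a user-configured max order size, a daily loss cap, a market allowlist, an approval threshold, a dry-run default, and a JSON audit line per decision. The order shape (`market`, `side`, `size_usdc`), the policy values, and the market names are assumptions for illustration.

```python
"""Trade guardrail gate (added example, not Claw Earn's code).

Assumed: an order is a dict {market, side, size_usdc}; the policy values are
user-configured; realised losses are tracked per UTC day by the gate itself.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
import json


@dataclass
class TradePolicy:
    max_order_usdc: float = 25.0          # hard per-order cap, even if "approved"
    daily_loss_limit_usdc: float = 50.0   # stop trading for the day past this
    approval_threshold_usdc: float = 10.0  # anything above needs a human "yes"
    allowed_markets: frozenset = frozenset()  # empty = no allowlist enforced
    dry_run: bool = True                   # default to simulate, not execute


@dataclass
class TradeGate:
    policy: TradePolicy
    audit_log: list = field(default_factory=list)
    losses_by_day: dict = field(default_factory=dict)  # utc date -> realised loss

    def _today(self) -> str:
        return datetime.now(timezone.utc).date().isoformat()

    def record_pnl(self, pnl_usdc: float) -> None:
        """Accumulate realised losses for today; profits do not offset them."""
        if pnl_usdc < 0:
            day = self._today()
            self.losses_by_day[day] = self.losses_by_day.get(day, 0.0) - pnl_usdc

    def evaluate(self, order: dict, approved: bool = False) -> dict:
        """Return a decision dict and append it to the audit log; never raises."""
        reasons = []
        size = float(order.get("size_usdc", 0))
        market = order.get("market", "")
        if size <= 0:
            reasons.append("non-positive size")
        if size > self.policy.max_order_usdc:
            reasons.append(f"size {size} exceeds max_order_usdc {self.policy.max_order_usdc}")
        if self.policy.allowed_markets and market not in self.policy.allowed_markets:
            reasons.append(f"market {market!r} not in allowlist")
        if self.losses_by_day.get(self._today(), 0.0) >= self.policy.daily_loss_limit_usdc:
            reasons.append("daily loss limit reached")
        if size > self.policy.approval_threshold_usdc and not approved:
            reasons.append("explicit user approval required")
        action = "reject" if reasons else ("simulate" if self.policy.dry_run else "execute")
        decision = {
            "action": action,
            "order": order,
            "reasons": reasons,
            "at": datetime.now(timezone.utc).isoformat(),
        }
        self.audit_log.append(json.dumps(decision, sort_keys=True))
        return decision


if __name__ == "__main__":
    gate = TradeGate(TradePolicy(allowed_markets=frozenset({"example-market"})))
    print(gate.evaluate({"market": "example-market", "side": "buy", "size_usdc": 5}))
    print(gate.evaluate({"market": "example-market", "side": "buy", "size_usdc": 20}))
```

The point of the design is that the per-order cap applies even to approved orders, the loss limit is checked against the gate's own ledger rather than the agent's claim, and `dry_run` is the default so a fresh install simulates until the user flips it.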

What this means

A bug, a compromised client, or a compromise of the approved contract could move more USDC than the user intended to risk on any single trade, because the allowance is not tied to an order size.

Why it was flagged

The first order grants the trading contract an unlimited ERC20 USDC allowance, which is far broader than a bounded per-order approval, and no workflow for revoking it is shown.

Skill content

If not approved, sends an approval transaction to grant unlimited spending ... the contract has unlimited permission.

Recommendation

Use limited allowances where possible, ask for explicit approval before granting unlimited spend, document how to revoke allowances, and warn users to keep only limited funds in the hot wallet.
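What a bounded-allowance check looks like at the calldata level, as an added example that is not Claw Earn's code. ERC20 `approve(address,uint256)` has the well-known 4-byte selector `095ea7b3`; an "unlimited" approval is simply `amount == 2**256 - 1`, and ERC20 has no separate revoke, so revoking means approving `0`. The inspector below decodes the calldata the CLI is about to sign, refuses unlimited or over-cap amounts and unknown spenders, and builds bounded and revoke calls. The spender address and the cap are placeholders, not the real Polymarket contract.

```python
"""ERC20 approve() inspector (added example, not Claw Earn's code).

Assumed: the agent can see raw calldata before it is signed; the spender
allowlist and USDC cap are user-configured placeholders.
"""
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # keccak256("approve(address,uint256)")[:4]
MAX_UINT256 = 2**256 - 1                      # the "unlimited" allowance value
USDC_DECIMALS = 6                             # USDC base units are 1e-6


def encode_approve(spender: str, amount_units: int) -> bytes:
    """Build approve(spender, amount) calldata; amount in base units."""
    if not 0 <= amount_units <= MAX_UINT256:
        raise ValueError("amount out of uint256 range")
    addr = bytes.fromhex(spender.removeprefix("0x"))
    if len(addr) != 20:
        raise ValueError("spender must be a 20-byte address")
    # ABI encoding: selector, address left-padded to 32 bytes, uint256 big-endian
    return APPROVE_SELECTOR + addr.rjust(32, b"\x00") + amount_units.to_bytes(32, "big")


def decode_approve(calldata: bytes) -> dict:
    """Parse approve() calldata back into spender and amount."""
    if len(calldata) != 68 or calldata[:4] != APPROVE_SELECTOR:
        raise ValueError("not an ERC20 approve() call")
    return {
        "spender": "0x" + calldata[16:36].hex(),   # last 20 bytes of word 1
        "amount_units": int.from_bytes(calldata[36:68], "big"),
    }


def check_approve(calldata: bytes, spender_allowlist: set, cap_usdc: float) -> dict:
    """Decide whether to sign: refuse unlimited or over-cap amounts and unknown spenders."""
    d = decode_approve(calldata)
    cap_units = int(round(cap_usdc * 10**USDC_DECIMALS))
    allowed = {a.lower() for a in spender_allowlist}
    reasons = []
    if d["spender"].lower() not in allowed:
        reasons.append("spender not allowlisted")
    if d["amount_units"] == MAX_UINT256:
        reasons.append("unlimited allowance")
    elif d["amount_units"] > cap_units:
        reasons.append(f"allowance exceeds cap of {cap_usdc} USDC")
    return {**d, "amount_usdc": d["amount_units"] / 10**USDC_DECIMALS,
            "sign": not reasons, "reasons": reasons}


def revoke_approve(spender: str) -> bytes:
    """ERC20 has no revoke(): setting the allowance to zero is the revoke."""
    return encode_approve(spender, 0)


if __name__ == "__main__":
    SPENDER = "0x" + "ab" * 20  # placeholder address, constructed for the example
    print(check_approve(encode_approve(SPENDER, MAX_UINT256), {SPENDER}, 100))
    print(check_approve(encode_approve(SPENDER, 50 * 10**6), {SPENDER}, 100))
    print(revoke_approve(SPENDER).hex())
```

A bounded allowance means the first order after every top-up may need a fresh approval transaction; that is the cost of keeping the blast radius of a compromised client equal to one cap rather than the whole wallet balance.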

What this means

If the private key is exposed, anyone who sees it may be able to move funds or trade from the wallet.

Why it was flagged

The troubleshooting guidance explicitly prints the private key to the terminal, which can leak the secret through logs, screenshots, shell history, or shared sessions.

Skill content

echo $POLYMARKET_PRIVATE_KEY  # Should not be empty

Recommendation

Remove instructions that print secrets, use masked validation checks, avoid passing private keys or passwords on command lines, and declare required credentials clearly in the registry metadata.
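A masked validation check that replaces the `echo`, as an added example that is not Claw Earn's code: it reports whether the variable is set and well-formed and returns a short hash fingerprint so the user can tell which key is loaded, but never returns or prints the key itself. It assumes the key is a 32-byte hex EVM private key (with or without a `0x` prefix), which is the usual shape for this kind of wallet; the variable name is taken from the skill content.

```python
"""Masked credential check (added example, not Claw Earn's code).

Assumed: the secret is 64 hex characters, optionally 0x-prefixed. The
function returns status and a fingerprint only, never the secret.
"""
import hashlib
import os
import re

HEX64 = re.compile(r"^(0x)?[0-9a-fA-F]{64}$")


def check_secret(name: str, env=None) -> dict:
    """Validate an environment secret without revealing it."""
    env = os.environ if env is None else env
    raw = env.get(name)
    if raw is None or raw.strip() == "":
        return {"ok": False, "fingerprint": None, "problem": f"{name} is not set"}
    val = raw.strip()
    if val != raw:
        # Surrounding whitespace usually means a paste error; refuse rather than guess.
        return {"ok": False, "fingerprint": None,
                "problem": f"{name} has leading or trailing whitespace"}
    if not HEX64.match(val):
        return {"ok": False, "fingerprint": None,
                "problem": f"{name} is not a 64-hex-character private key"}
    # 8 hex chars of SHA-256 over the normalised key: enough to tell two keys
    # apart, not enough to recover anything about the key itself.
    digest = hashlib.sha256(val.lower().removeprefix("0x").encode()).hexdigest()
    return {"ok": True, "fingerprint": digest[:8], "problem": None}


if __name__ == "__main__":
    # Prints status and fingerprint only; the key never reaches stdout or history.
    print(check_secret("POLYMARKET_PRIVATE_KEY"))
```

Passing the key as `--private-key $VAR` on the command line has a related problem the check above does not solve: argv is visible to other local processes via `ps`, so a CLI that reads the key from the environment or a file with restrictive permissions is preferable where the tool supports it.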

What this means

A compromised server or unexpected local service could change the agent's trading instructions after installation.

Why it was flagged

The heartbeat update flow can overwrite persistent skill instructions from unpinned remote and localhost sources without integrity checks, signatures, or user review.

Skill content

curl -s https://clawearn.xyz/skills/SKILL.md > ~/.clawearn/skills/SKILL.md ... curl -s http://localhost:3000/skills/markets/$market/SKILL.md > ~/.clawearn/skills/markets/$market/SKILL.md

Recommendation

Use signed, version-pinned updates; require user approval before replacing skill files; avoid localhost update sources in production; and publish a reviewed install spec.

What this means

The user must trust the remote installer to run safely on their machine before using the financial tools.

Why it was flagged

The CLI installer is user-directed and purpose-aligned, but it executes remote shell code that is not included in the reviewed artifacts.

Skill content

curl -fsSL https://clawearn.xyz/install.sh | bash

Recommendation

Inspect the installer first, prefer a pinned package or signed release, and avoid running remote shell installers in environments holding valuable credentials.
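The same verify-before-use step answers both the heartbeat update finding and the `curl | bash` installer finding, so one added example (not Claw Earn's code) covers both: nothing fetched from the network is written over a skill file or handed to a shell until its SHA-256 matches a digest the user pinned after reviewing that exact content, and `http://` or localhost sources are refused outright. The lockfile format, the `example.invalid` URL, and the injectable `fetch` callable are assumptions so the example runs offline on constructed bytes.

```python
"""Pinned, verified fetch for skill files and installers (added example,
not Claw Earn's code).

Assumed: the user keeps a lockfile {url: sha256 hex} of reviewed content;
`fetch(url) -> bytes` is injected so this runs offline. No pin, no install.
"""
import hashlib
import os
import tempfile
from urllib.parse import urlparse


def sha256_hex(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()


def source_allowed(url: str) -> bool:
    """Only https, and never loopback: a local service is not a trusted publisher."""
    u = urlparse(url)
    return u.scheme == "https" and u.hostname not in (None, "localhost", "127.0.0.1", "::1")


def verify_pinned(url: str, body: bytes, lock: dict) -> None:
    """Raise unless body hashes to the digest pinned for url."""
    pinned = lock.get(url)
    if pinned is None:
        raise ValueError(f"no pinned digest for {url}; review it and add it to the lockfile")
    got = sha256_hex(body)
    if got != pinned:
        raise ValueError(f"digest mismatch for {url}: expected {pinned}, got {got}")


def install_pinned(url: str, dest: str, lock: dict, fetch) -> str:
    """Fetch, verify, then replace dest atomically; returns the installed digest."""
    if not source_allowed(url):
        raise ValueError(f"refusing update source {url}")
    body = fetch(url)
    verify_pinned(url, body, lock)          # raises before anything touches disk
    directory = os.path.dirname(dest) or "."
    os.makedirs(directory, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "wb") as f:
        f.write(body)
    os.replace(tmp, dest)                   # atomic: never a half-written skill file
    return sha256_hex(body)


def demo() -> dict:
    """Offline round trip on constructed bytes: a good update installs, a tampered one does not."""
    url = "https://example.invalid/skills/SKILL.md"   # placeholder host, not the real one
    good, tampered = b"# reviewed SKILL.md\n", b"# tampered SKILL.md\n"
    lock = {url: sha256_hex(good)}
    dest = os.path.join(tempfile.mkdtemp(), "SKILL.md")
    installed = install_pinned(url, dest, lock, lambda _u: good)
    try:
        install_pinned(url, dest, lock, lambda _u: tampered)
        rejected = False
    except ValueError:
        rejected = True
    with open(dest, "rb") as f:
        on_disk = f.read()
    return {"installed": installed, "tampered_rejected": rejected, "on_disk_is_good": on_disk == good}


if __name__ == "__main__":
    print(demo())
```

For the installer, the flow is the same with a different destination: fetch `install.sh` to a file, verify it against the digest recorded when it was reviewed, read it, and only then run it, rather than piping an unseen script straight into `bash`. Updating the pin is a deliberate user action after re-reading the new content, which is exactly the review step the heartbeat flow skips.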