polymarket-sdk

This skill appears to be a normal Polymarket US SDK helper, but take these precautions before installing or using it: - Verify the SDK package: check PyPI for 'polymarket-us', confirm the publisher, read recent release notes, and inspect the package contents (or the upstream repository) before running pip install. Prefer pinned versions and install in an isolated virtualenv. - Metadata mismatch: the registry did not declare required env vars or a primary credential even though SKILL.md requires POLYMARKET_KEY_ID and POLYMARKET_SECRET_KEY. Treat that omission as a sign to double-check what credentials you supply and where. - Protect secrets: POLYMARKET_SECRET_KEY is an Ed25519 private key (base64). Don’t store it in shared or global environment variables. Use dedicated keys with the least privileges, rotate and revoke keys frequently, and consider ephemeral or scoped keys if available. - Review the SDK behavior: before allowing any automated action, review the SDK code (or network calls) to confirm it only communicates with the documented Polymarket endpoints (gateway.polymarket.us and api.polymarket.us) and doesn’t exfiltrate data elsewhere. - Trading safety: the SKILL.md rightly tells agents to always preview and confirm trades. Keep that policy enforced — avoid granting any automation permission to place orders without explicit user confirmation. If you want higher assurance, request the skill author supply a verifiable package URL (GitHub repo or PyPI link), a pinned version, and update the registry metadata to declare the two required environment variables and their sensitivity.