polymarket-sdk

Pass. Audited by ClawScan on May 10, 2026.

Overview

This is a transparent Polymarket SDK guide, but it involves financial trading credentials and order actions that users should review carefully.

Before installing, make sure you trust the polymarket-us package and understand that authenticated use can access your Polymarket portfolio and place trades. Never approve an order unless the previewed market, side, price, quantity, and expiration match your intent.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used carelessly, the agent could help submit real trading orders that affect the user's money or positions.

Why it was flagged

The skill documents financial order creation through the SDK and includes preview/confirmation safeguards, making the capability disclosed but still high-impact.

Skill content

# Place order (ALWAYS confirm with user before executing) ... order = client.orders.create({...}) ... **Always preview orders before placing** ... **Always confirm with the user before placing any order**

Recommendation

Only approve trades after checking market, side, price, quantity, and time-in-force; require explicit confirmation for every order placement, cancellation, modification, or position close.

What this means

Anyone or anything with these credentials may be able to view account information and perform trading actions allowed by the Polymarket API.

Why it was flagged

The skill requires delegated Polymarket account credentials for authenticated portfolio and trading actions; this is purpose-aligned but sensitive.

Skill content

API keys are needed only for trading/portfolio endpoints ... `POLYMARKET_KEY_ID` — API key UUID ... `POLYMARKET_SECRET_KEY` — Ed25519 private key (base64)

Recommendation

Use the least-privileged API key available, keep the private key out of chat transcripts and logs, and rotate the key if it may have been exposed.

What this means

Installing or updating the package pulls code from the package ecosystem, which could change over time.

Why it was flagged

The skill relies on an external Python package installed without a version pin or reviewed code in the artifact set; this is expected for an SDK skill but creates dependency trust risk.

Skill content

pip install polymarket-us

Recommendation

Install from a trusted source, consider pinning a known-good version, and review the package before using it with trading credentials.