Skillv1.0.0

ClawScan security

polymarket-sdk · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 16, 2026, 11:54 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior is mostly coherent with a Polymarket SDK helper, but the package/credential handling in the metadata and install guidance is inconsistent and requires care (verify the PyPI package and how you store/ grant keys).
Guidance: This skill appears to be a normal Polymarket US SDK helper, but take these precautions before installing or using it: - Verify the SDK package: check PyPI for 'polymarket-us', confirm the publisher, read recent release notes, and inspect the package contents (or the upstream repository) before running pip install. Prefer pinned versions and install in an isolated virtualenv. - Metadata mismatch: the registry did not declare required env vars or a primary credential even though SKILL.md requires POLYMARKET_KEY_ID and POLYMARKET_SECRET_KEY. Treat that omission as a sign to double-check what credentials you supply and where. - Protect secrets: POLYMARKET_SECRET_KEY is an Ed25519 private key (base64). Don’t store it in shared or global environment variables. Use dedicated keys with the least privileges, rotate and revoke keys frequently, and consider ephemeral or scoped keys if available. - Review the SDK behavior: before allowing any automated action, review the SDK code (or network calls) to confirm it only communicates with the documented Polymarket endpoints (gateway.polymarket.us and api.polymarket.us) and doesn’t exfiltrate data elsewhere. - Trading safety: the SKILL.md rightly tells agents to always preview and confirm trades. Keep that policy enforced — avoid granting any automation permission to place orders without explicit user confirmation. If you want higher assurance, request the skill author supply a verifiable package URL (GitHub repo or PyPI link), a pinned version, and update the registry metadata to declare the two required environment variables and their sensitivity.

Review Dimensions

Purpose & Capability: noteThe name/description match the SKILL.md instructions: it is a Polymarket US SDK helper for browsing and trading. However, the registry metadata lists no required environment variables or primary credential while SKILL.md explicitly instructs users to set POLYMARKET_KEY_ID and POLYMARKET_SECRET_KEY for authenticated trading. That metadata omission is an inconsistency that should be corrected or explained.
Instruction Scope: okSKILL.md stays on-topic: it instructs installing the Python SDK, using the SDK for public and authenticated endpoints, and explicitly recommends confirming with the user before placing orders. It does not tell the agent to read unrelated files, send data to unknown endpoints, or broadly harvest system context.
Install Mechanism: noteThe skill is instruction-only and tells the user to run `pip install polymarket-us`. There is no install spec in the registry. Recommending a pip install is common, but it means arbitrary code will be installed from PyPI — the skill metadata should have declared this and pinned versions or given a verified source. Verify the package identity on PyPI (or prefer a pinned wheel from a trusted source) before installing.
Credentials: concernAuthenticated trading requires two sensitive values: POLYMARKET_KEY_ID and POLYMARKET_SECRET_KEY (an Ed25519 private key). Requesting these is appropriate for a trading SDK, but the registry metadata does not declare them (so the platform won't surface the need). The skill asks for a raw private key (base64) which is highly sensitive — storage and scope of those keys are not discussed. Ensure minimal-permission keys, avoid putting private keys in shared/global env, and validate how keys are provisioned and revoked.
Persistence & Privilege: okThe skill does not request permanent/always-on inclusion (always: false), does not modify other skills, and does not claim elevated platform privileges. Autonomous model invocation is permitted (default) but not combined with other red flags here.