Openclaw Skill Publish
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is disclosed as a Polymarket trading tool, but it can place or cancel real-money orders without showing built-in confirmation or spending limits.
Review this carefully before installing. It appears purpose-aligned and not malicious, but it can trade with real funds through your prob.trade/Polymarket account. Only install it if you are comfortable giving your agent trading credentials, and configure strict human approval or small account/key limits before using live order commands.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken prompt, ambiguous instruction, or compromised agent context could place a real trade and commit funds.
The code directly submits authenticated live trading orders, including a user-supplied amount, to the trading API. The provided artifacts do not show a confirmation step, spending cap, dry-run mode, or other containment before financial mutation.
```python
body = {"market": args.market, "side": args.side.upper(), "outcome": args.outcome, "type": args.type.upper(), "amount": args.amount, ...}
...
data = trading_request("POST", "/order", body)
```
Require explicit human confirmation before every order, add configurable maximum order sizes, support read-only mode, and clearly separate analytics commands from live trading commands.
Anyone or anything able to invoke the skill with those credentials may be able to view account data and perform allowed trading actions.
The skill requires persistent API credentials that can authenticate trading and account-read operations. This is disclosed and purpose-aligned, but it gives the agent delegated authority over a financial account.
All commands require a prob.trade API key. Configure it in `~/.openclaw/skills/probtrade/config.yaml`:
```yaml
api_key: "ptk_live_..."
api_secret: "pts_..."
```
Use the least-privileged API key available, keep credentials out of shared environments, revoke keys if no longer needed, and prefer keys with trading limits if the provider supports them.
