Openclaw Skill

Security checks across malware telemetry and agentic risk

Overview

This disclosed Polymarket skill matches its stated purpose, but it can place or cancel real-money trading orders using the configured API credentials, with no confirmation step or spending limit visible in the artifact.

Review this carefully before installing because it enables real trading through your OpenClaw agent. If you only want analytics, avoid configuring trading credentials or use a restricted key if prob.trade supports one. If you do use it for trading, keep balances small, require explicit confirmation for every order, and monitor or revoke API keys from the prob.trade dashboard.

VirusTotal

66/66 vendors reported this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation (Severity: High)
What this means

If invoked incorrectly or too broadly, the agent could spend funds or change the user's prediction-market exposure by placing or canceling orders.

Why it was flagged

The skill can place authenticated trading orders using user-supplied market, side, type, price, and amount values. The provided source does not show a local confirmation step, spending cap, dry-run mode, or other containment before the order is sent.

Skill content
sub.add_argument("--amount", type=float, required=True, help="Amount in USDC") ... data = trading_request("POST", "/order", body)
Recommendation

Use this only if you explicitly want agent-assisted trading. Prefer small balances or restricted API keys if available, require explicit user confirmation before every trade, and monitor or revoke keys from the prob.trade dashboard if anything looks wrong.

ASI03: Identity and Privilege Abuse (Severity: Medium)
What this means

The configured key can access account-specific trading functions such as balance, positions, open orders, placing orders, and canceling orders.

Why it was flagged

The skill reads local API credentials and uses them to authenticate requests to prob.trade. This is expected for the stated trading integration, and the code signs requests with HMAC rather than transmitting the secret directly.

Skill content
api_key = os.environ.get("PROBTRADE_API_KEY", "") ... api_secret = os.environ.get("PROBTRADE_API_SECRET", "") ... headers["X-PTK-Key"] = config["api_key"]
Recommendation

Store the credentials securely, use the least-privileged key available, avoid sharing the config file, and revoke the key if the device or agent environment is no longer trusted.