Back to skill
Skillv0.2.0
VirusTotal security
Wangbo Polymarket Copytrading · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:57 AM
- Hash
- 9c4a2f713f9fd57fed3a458384e5103f4424a02785ee479d14ebda85b95e1dea
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wangbo-polymarket-copytrading Version: 0.2.0 The skill bundle is designed for automated Polymarket copy-trading. The `scripts/auto_copytrade.py` script contains a command injection vulnerability. It constructs commands for an external `polymarket` CLI tool using values directly from the `references/auto-copytrade-config.example.json` configuration file. If an attacker could control the content of this configuration file (e.g., via a supply chain attack or prompt injection against the agent to modify the config or its path), they could inject arbitrary shell commands, leading to Remote Code Execution (RCE) and unauthorized financial transactions. This is a critical vulnerability, but not evidence of intentional malice within the skill's core logic.
- External report
- View on VirusTotal