Back to skill
Skillv0.1.0
ClawScan security
Polyclaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 3, 2026, 10:45 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions and declared requirements don't line up: it asks you to run Python scripts and use an OpenRouter key yet the package contains no code files and the registry metadata omits some environment variables the SKILL.md clearly uses.
- Guidance
- Do not supply a real private key or production funds to this skill as-is. The SKILL.md expects python scripts (scripts/polyclaw.py, etc.) that are not included in the package — you should only install or run this if the skill provides its code or points to a verifiable upstream repository. Ask the publisher for the missing code and for a reproducible install (requirements, Python runtime, and a manifest). Confirm whether OPENROUTER_API_KEY and HTTPS_PROXY are required and why they were omitted from registry metadata. If you test, use a throwaway wallet with tiny balances, inspect all scripts before running them, and verify the brew 'uv' formula source. If the publisher cannot provide source code or a trusted repository, treat the skill as untrusted.
Review Dimensions
- Purpose & Capability
- noteThe stated purpose (trading on Polymarket via Polygon RPC and an EVM private key) matches the declared CHAINSTACK_NODE and POLYCLAW_PRIVATE_KEY requirements. Use of an LLM for hedge-discovery is plausible and the uv binary could be a task runner for the workflow.
- Instruction Scope
- concernSKILL.md repeatedly instructs the agent to run python scripts (e.g., scripts/polyclaw.py) and to perform on‑chain approvals and trades, but the skill bundle contains no code files. The instructions reference environment variables beyond those declared in registry metadata (OPENROUTER_API_KEY, HTTPS_PROXY, CLOB_MAX_RETRIES) and assume a 'python' runtime without declaring it. Running the described approval and trading commands would broadcast transactions using the private key supplied in an env var—this is expected for trading but should only occur if you know what code will execute. The absence of the actual scripts is a major mismatch.
- Install Mechanism
- noteThe only install step is a brew formula for 'uv' which is consistent with the SKILL.md's use of 'uv'. There is no high‑risk remote download in the metadata. However, 'uv' installing via brew is the only installation provided and no mechanism is present to install Python dependencies or the referenced scripts, which is inconsistent.
- Credentials
- concernPrimary credential POLYCLAW_PRIVATE_KEY and CHAINSTACK_NODE are proportionate to a trading skill. However SKILL.md requires OPENROUTER_API_KEY for LLM-based hedge discovery and suggests HTTPS_PROXY and other runtime settings, yet the registry metadata only declared CHAINSTACK_NODE and POLYCLAW_PRIVATE_KEY. The skill therefore references env vars not declared as required; storing an EVM private key in an env var is convenient but risky — the SKILL.md warns about this, but the missing code increases the risk of unknown key usage or exfiltration.
- Persistence & Privilege
- okThe skill is not marked always:true and uses normal autonomous invocation defaults. It does not request system config paths or other skills' credentials.