Polymarket Trader
Warn. Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Polymarket trading skill, but it can use a wallet private key to place real financial orders without strong guardrails and has unsafe shell-style argument handling.
Only install this if you are comfortable letting an agent-assisted tool place real Polymarket orders. Use a dedicated wallet with limited funds, require manual confirmation for every trade, verify and pin the Python dependencies, and fix the shell argument handling before using it with valuable credentials.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or unintended tool call could place a real Polymarket order using the user's funds.
The script creates and posts a live order using supplied parameters. The artifacts do not show an approval step, dry-run default, maximum order size, market allowlist, or other guardrail before the financial action.
    order_args = OrderArgs(
        token_id=token_id,
        price=price,
        size=size,
        side=order_side
    )
    print("Placing order...")
    response = client.create_and_post_order(order_args)

Require explicit user confirmation immediately before every order, add a dry-run mode, enforce price and size limits, validate market/outcome semantics, and consider market allowlists.
Installing and using the skill requires exposing a private key capable of authorizing trades; misuse or compromise could affect the user's wallet or trading account.
The code directly uses a wallet private key and derives API credentials. This is expected for trading, but registry metadata declares no required env vars or primary credential, so the sensitive authority is under-disclosed.
    private_key = os.getenv("POLYMARKET_PRIVATE_KEY")
    ...
    api_creds = temp_client.create_or_derive_api_creds()

Declare POLYMARKET_PRIVATE_KEY as a required credential, document its authority clearly, and advise users to use a dedicated limited-funds wallet rather than a primary wallet.
A malicious or malformed market slug or direction could potentially run unintended shell commands in the user's OpenClaw environment.
Tool arguments are interpolated into a shell command. If OpenClaw does not safely escape template values, quotes or shell metacharacters in string fields could break out before Python-side validation runs.
    export MARKET_SLUG='{{market_slug}}' &&
    export DIRECTION='{{direction}}' &&
    export PRICE={{price}} &&
    export SIZE={{size}} &&
    python trade.py

Avoid shell interpolation for tool arguments; pass parameters through a structured environment mechanism, or rigorously shell-escape and pre-validate all values before command execution.
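The two recommendations above (a confirmation and limits before the order, and no shell interpolation of tool arguments) can be met with one launcher. The following is an added example written for this review, not code from the skill or from ClawScan: it validates the four tool arguments in Python, hands them to `trade.py` through the child process environment with `shell=False`, defaults to dry-run, and asks for a typed confirmation before a live order. The slug grammar, the `MAX_SIZE` cap and the `DRY_RUN` variable are assumptions; `trade.py` would have to honour `DRY_RUN` itself.

```python
import os
import re
import subprocess
import sys

SLUG_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,127}")  # assumed slug grammar; tighten to the real one
MAX_SIZE = 25.0  # assumed per-order cap in shares; set from the dedicated wallet's limits

def to_float(value) -> float:
    try:
        return float(value)
    except (TypeError, ValueError):
        return float("nan")

def check(raw: dict) -> list:
    """Return the reasons a trade request is unacceptable; an empty list means it is well-formed."""
    errors = []
    slug = str(raw.get("market_slug", ""))
    if not SLUG_RE.fullmatch(slug):  # quotes, spaces and shell metacharacters never match
        errors.append(f"bad market_slug: {slug!r}")
    if str(raw.get("direction", "")).upper() not in ("BUY", "SELL"):
        errors.append("direction must be BUY or SELL")
    price = to_float(raw.get("price"))
    if not 0.0 < price < 1.0:  # outcome prices are probabilities, strictly inside (0, 1)
        errors.append(f"price out of range: {price}")
    size = to_float(raw.get("size"))
    if not 0.0 < size <= MAX_SIZE:
        errors.append(f"size out of range: {size}")
    return errors

def build_env(raw: dict, dry_run: bool = True) -> dict:
    """Environment for trade.py: values are passed as-is, so a quote in a field cannot break out."""
    errors = check(raw)
    if errors:
        raise ValueError("; ".join(errors))
    env = dict(os.environ)
    env.update({"MARKET_SLUG": str(raw["market_slug"]), "DIRECTION": str(raw["direction"]).upper(),
                "PRICE": f"{float(raw['price']):.4f}", "SIZE": f"{float(raw['size']):.2f}",
                "DRY_RUN": "1" if dry_run else "0"})  # trade.py is assumed to honour DRY_RUN
    return env

def launch(raw: dict, dry_run: bool = True, confirm=input) -> int:
    """Validate, require a typed confirmation for live orders, then run trade.py without a shell."""
    env = build_env(raw, dry_run)
    summary = f"{env['DIRECTION']} {env['SIZE']} @ {env['PRICE']} on {env['MARKET_SLUG']}"
    if not dry_run and confirm(f"Place live order {summary}? [y/N] ").strip().lower() != "y":
        return 1  # operator declined; nothing was sent
    # argv list + shell=False: the OS receives exact strings, never a command line to re-parse
    return subprocess.run([sys.executable, "trade.py"], env=env, shell=False).returncode
```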
A compromised or unexpected dependency version could affect order execution or private-key handling.
The required dependencies are purpose-aligned, but the provided artifacts include no install spec, lockfile, package versions, or provenance controls for code that will handle a trading private key.
    This skill requires a Python virtual environment named `polymarket_venv` located in the OpenClaw workspace root. The environment must have the following packages installed:
    - `py-clob-client`
    - `requests`

Use pinned dependency versions from trusted sources, provide an install spec or lockfile, and verify the virtual environment before using the skill with real funds.
