Skill v1.0.1
ClawScan security
Polymarket Trader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 23, 2026, 1:02 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and SKILL.md require a sensitive POLYMARKET_PRIVATE_KEY and a workspace virtualenv, but the registry metadata declares no required credentials or install steps; this metadata/instruction mismatch is concerning.
- Guidance: Before installing or using this skill:
  1. Do not set your POLYMARKET_PRIVATE_KEY in any environment you don't fully control; treat it like any other wallet/private key.
  2. Verify the py-clob-client package provenance (source, releases) before installing into the required virtualenv.
  3. The registry metadata omits the POLYMARKET_PRIVATE_KEY requirement; ask the publisher to correct that or avoid relying on the skill until it's fixed.
  4. Run the included trade.py in an isolated/test account first to confirm behavior; inspect what create_or_derive_api_creds() from py_clob_client does (it may create/derive additional credentials).
  5. If you must use this, create a dedicated sandboxed workspace and virtualenv at the expected path, and do not store your private key in shared or persistent CI/agent environments.
  If you are uncomfortable with these checks or cannot review the py-clob-client source, do not install or run this skill.
Review Dimensions
- Purpose & Capability (note): The skill's stated purpose (placing Polymarket limit orders) matches the included trade.py, which calls Polymarket APIs and uses a private key. However, the registry metadata claims no required credentials while both SKILL.md and trade.py clearly require POLYMARKET_PRIVATE_KEY, an inconsistency between claimed requirements and actual needs.
- Instruction Scope (note): SKILL.md and the tool exec are narrowly scoped to: activate a virtualenv, export MARKET_SLUG/DIRECTION/PRICE/SIZE, and run trade.py. The runtime actions (fetch public market data, build and post an order via py_clob_client) align with the purpose. Minor issues: the exec command depends on a specific relative path (../../polymarket_venv), and SKILL.md's security claim ('prevents shell injection') is overstated because it assumes the environment and substitution are handled safely by the host; the exec chain does not explicitly surface the required POLYMARKET_PRIVATE_KEY.
- Install Mechanism (note): There is no install spec (instruction-only), which reduces installer risk, but SKILL.md requires a Python virtualenv at a specific relative path with the packages 'py-clob-client' and 'requests' installed. The skill does not provide automated installation or verify package provenance; manually creating the venv and installing py-clob-client (an external package) is required and should be done from trusted sources.
- Credentials (concern): trade.py requires a sensitive environment variable, POLYMARKET_PRIVATE_KEY, to sign and derive API credentials. Requesting a private key is proportionate for a trading skill, but the registry metadata's failure to declare this sensitive requirement is a significant omission. Additionally, activating a venv via a relative path that reaches up directories (../../polymarket_venv) could cause unexpected access to workspace files if the environment is not tightly controlled.
- Persistence & Privilege (ok): The skill is not marked always:true and does not request persistent system-wide privileges or modify other skills; autonomous invocation is allowed by default but is not combined with other high-risk factors here.
