Polymarket Trader

Execute limit orders on Polymarket markets by specifying market slug, outcome, price, and order size via a Python script.

Before installing or using this skill: 1) Do not set your POLYMARKET_PRIVATE_KEY in any environment you don't fully control — treat it like any other wallet/private key. 2) Verify the py-clob-client package provenance (source, releases) before installing into the required virtualenv. 3) The registry metadata omits the POLYMARKET_PRIVATE_KEY requirement — ask the publisher to correct that or avoid relying on the skill until it's fixed. 4) Run the included trade.py in an isolated/test account first to confirm behavior; inspect what create_or_derive_api_creds() from py_clob_client does (it may create/derive additional credentials). 5) If you must use this, create a dedicated sandboxed workspace and virtualenv at the expected path, and do not store your private key in shared or persistent CI/agent environments. If you are uncomfortable with these checks or cannot review py-clob-client source, do not install or run this skill.

Type: OpenClaw Skill Name: zakkycrypt01-polymarket-trader Version: 1.0.1 The skill is designed to securely execute trades on Polymarket. It correctly handles the `POLYMARKET_PRIVATE_KEY` by reading it from an environment variable and uses it solely for authenticating with the Polymarket CLOB client. The `SKILL.md` explicitly states that arguments are passed via environment variables to `trade.py` to prevent shell injection, demonstrating a focus on security. All network calls are directed to legitimate Polymarket API endpoints (`gamma-api.polymarket.com`, `clob.polymarket.com`), which is expected for its functionality. The `inspect_client.py` and `inspect_methods.py` files are benign utility scripts for library introspection, not used in the main skill execution, and pose no security risk. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent.