← Back to Skills Marketplace

PolyClawster

Name: PolyClawster
Author: al1enjesus

by Ilya · GitHub ↗ · v1.5.0 · MIT-0

cross-platform ⚠ suspicious

392

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install polyclawster

Description

Trade on Polymarket prediction markets. Non-custodial — your agent generates a Polygon wallet, signs orders locally, and submits via polyclawster.com relay (...

Usage Guidance

What to check before installing: - Review scripts/setup.js (not fully shown) to ensure it does not exfiltrate the private key or upload secrets to polyclawster.com during registration. The README claims the private key never leaves your machine, but you must verify the code path that registers the agent. - Inspect ~/.polyclawster/config.json after setup to confirm privateKey and API secrets remain local and have safe permissions (chmod 600). - Run the skill in demo/dry-run mode first (auto.js --demo or --dry-run) and test with the $10 demo balance before risking real funds. - Review on‑chain approvals: approve.js sets infinite allowances (MaxUint256) and setApprovalForAll for several operator addresses (including a 'Neg Risk Adapter'); infinite approvals are common but increase risk if the approved contract is malicious — verify the spender addresses and audit/confirm Polymarket/adapter contracts yourself. - Verify polyclawster.com is a trustworthy relay (look up project, code repo, and operators). The relay sees signed orders and agent metadata; if you don't trust the relay you can still trade directly but may need to adapt the scripts. - Audit npm dependencies (ethers, @polymarket/clob-client and their transitive deps) or run in an isolated environment. Prefer running the code in a disposable VM or container while evaluating. - Because the agent can be scheduled to trade autonomously, restrict its runtime (limit cron/agent permissions, monitoring, loss limits) until you are comfortable with behavior. If you want, I can: (a) scan the omitted setup.js for suspicious behavior if you paste it, (b) list the specific on‑chain addresses the code approves so you can look them up, or (c) suggest safe steps to sandbox and test this skill.

Capability Analysis

Type: OpenClaw Skill Name: polyclawster Version: 1.5.0 The bundle implements a non-custodial Polymarket trading agent that generates and stores a Polygon private key locally in `~/.polyclawster/config.json`. While the scripts (`setup.js`, `trade.js`, `sell.js`) use local EIP-712 signing to ensure the private key is never transmitted, the architecture relies heavily on a third-party relay (`polyclawster.com`) for geo-bypass and trading signals (`auto.js`). Although the behavior is clearly aligned with the stated purpose and includes security best practices like `chmod 600` for the config file, the inherent risks of local plaintext key management and the dependency on an external relay for transaction execution qualify it as suspicious under the provided criteria.

Capability Assessment

✓ Purpose & Capability

Name/description match the code: scripts generate a local Polygon wallet, sign orders locally (ethers.Wallet), call polyclawster.com relay/APIs and Polymarket CLOB. Requested binaries and network hosts align with trading on Polygon/Polymarket.

⚠ Instruction Scope

Most runtime instructions are scoped to trading: generate wallet, swap POL→USDC.e, approve contracts, sign orders locally, post to polyclawster.com. However the critical setup script (scripts/setup.js) was not included in the inspected snippets; loadConfig() and setup/registration paths are central to security (they read/write ~/.polyclawster/config.json). You should review setup.js to confirm it does not transmit the private key or store secrets to remote servers during registration.

ℹ Install Mechanism

No install spec (instruction-only) but package.json/package-lock are present and list npm deps (ethers, @polymarket/clob-client). Installing will pull packages from npm (expected). This is a moderate risk (typical) — verify dependencies and prefer installing in a sandboxed environment before running with real funds.

ℹ Credentials

No environment variables are requested; the skill uses a local config file (~/.polyclawster/config.json) to store privateKey and CLOB creds (chmod 600 recommended in README). This is proportionate to a non‑custodial agent but the secret storage location is sensitive — confirm the config is only written locally and not POSTed to third parties by setup.js.

ℹ Persistence & Privilege

always:false (normal). The skill supports autonomous trading (auto.js) and is intended to be run on a schedule; combined with the ability to hold and sign transactions this gives it direct control over funds while active. This is expected for a trading agent but is high-impact if buggy or malicious—recommend demo mode and restricted cron settings first.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install polyclawster
After installation, invoke the skill by name or use /polyclawster
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.5.0

POL funding flow, auto-swap POL→USDC.e, updated README and SKILL.md

v1.3.7

polyclawster v1.3.7 - No file changes detected in this release. - No new features, bugfixes, or documentation updates were introduced.

v1.3.6

- Update version to 1.3.6 in package.json. - No other changes to logic, features, or documentation.

v1.3.5

- Updated dependencies in package.json. - No changes to documentation or functionality.

v1.3.4

- Updated package.json for version 1.3.4. - No functional or documentation changes in this release.

v1.3.3

**Polyclawster 1.3.3 Changelog** - Updated documentation for improved clarity on how to use the skill with OpenClaw agent. - Expanded usage examples with natural language command formats. - Improved instructions for setting up automated (cron) auto-trading via OpenClaw. - Clarified credentials section, emphasizing API key handling and security. - Added a builder attribution and dashboard link in documentation. - No changes to core code or APIs; documentation updates only.

v1.3.2

- Added read permission for the config file in skill metadata to support read access from scripts. - Updated OpenClaw permissions in SKILL.md for improved compatibility. - No changes to core logic or usage; documentation and metadata cleanup only.

v1.3.1

- Major rewrite: switched from standalone CLI scripts to an agent-based, non-custodial architecture. - Private keys are now generated and stored locally; orders are signed client-side and relayed via a geo-bypass proxy. - Added new scripts: approve.js, auto.js, browse.js, link.js, sell.js; removed legacy trading and search scripts. - Enhanced demo trading, AI signal auto-trading, and integration with polyclawster.com agent profiles. - Updated documentation and security model to reflect agent-first workflow and improved privacy.

v1.1.0

Search any market, auto-setup wallet, trade any market by slug or conditionId

Metadata

Slug polyclawster

Version 1.5.0

License MIT-0

All-time Installs 3

Active Installs 3

Total Versions 9

Frequently Asked Questions

What is PolyClawster?

Trade on Polymarket prediction markets. Non-custodial — your agent generates a Polygon wallet, signs orders locally, and submits via polyclawster.com relay (... It is an AI Agent Skill for Claude Code / OpenClaw, with 392 downloads so far.

How do I install PolyClawster?

Run "/install polyclawster" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is PolyClawster free?

Yes, PolyClawster is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does PolyClawster support?

PolyClawster is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created PolyClawster?

It is built and maintained by Ilya (@al1enjesus); the current version is v1.5.0.

More Skills