← Back to Skills Marketplace
seandong

Polymarket CLI

by seandong · GitHub ↗ · v0.1.5 · MIT-0
cross-platform ⚠ suspicious
261
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install poly-cli
Description
Operate Polymarket from terminal with the `polymarket` Rust CLI (v0.1.5). Covers market/event/tag/series discovery, CLOB order book queries (single & batch),...
Usage Guidance
This skill is coherent with being a Polymarket CLI helper, but it raises red flags you should address before installing or letting an agent run it: - Do not blindly run curl | sh from raw.githubusercontent.com; inspect the install.sh contents yourself or prefer Homebrew/git+cargo builds from the upstream repo. - The skill metadata declares no credentials, yet the tool needs wallet private keys and can manage API keys and perform on-chain writes. Treat any request for a private key as high-risk: never paste your primary/private key into an agent. Prefer read-only queries or use an ephemeral/test wallet with minimal funds for any automated actions. - Confirm the upstream repository and release artifacts (GitHub repo, tags/releases) and verify checksums/signatures where possible. - Require explicit, per-action user confirmation for any write operation (orders, approvals, wallet reset, bridge deposit, API-key creation/deletion). Consider providing only read-only functionality to the agent if you cannot fully vet the install and code. - If you need this skill, ask the publisher for a homepage/repo release URL and a reproducible install method (signed release or package) and add required env/config declarations (POLYMARKET_PRIVATE_KEY, config path) so permissions are explicit. If you want, I can: (1) fetch and show the contents of the recommended install.sh for review (do not execute it), (2) produce a safe checklist to install the CLI manually, or (3) rewrite the skill instructions to avoid piping remote scripts and to explicitly demand user confirmation before any secret/transactional action.
Capability Analysis
Type: OpenClaw Skill Name: poly-cli Version: 0.1.5 The skill provides a CLI interface for Polymarket that handles sensitive operations, including importing and overriding private keys via command-line arguments and configuration files (SKILL.md, commands.md). It explicitly directs the agent to install software using a high-risk 'curl | sh' pattern from a remote GitHub repository (https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh), which is a common vector for supply chain attacks and arbitrary code execution. While these capabilities are functionally relevant to a trading tool, the combination of raw credential handling and unverified remote script execution presents a significant security risk.
Capability Assessment
Purpose & Capability
The name/description (Polymarket CLI) matches the SKILL.md: it documents many read and write CLI operations for Polymarket. However, many of those operations legitimately require signing credentials (private keys) and access to local config, but the skill's metadata declares no required environment variables or config paths — an omission that makes the declared purpose incomplete in the metadata.
Instruction Scope
SKILL.md explicitly instructs running commands that can expose or use secrets (wallet show, approve set, create-order, bridge deposit, create-api-key) and references private-key handling. It also recommends installing via piping a remote install script to sh. The instructions reference a config path (~/.config/polymarket/config.json) and an env var (POLYMARKET_PRIVATE_KEY) even though the skill metadata lists none — the agent could be instructed to read those secrets or to accept a --private-key value, so the runtime scope reaches beyond what's declared.
Install Mechanism
There is no formal install spec, but the runtime doc encourages: curl -sSL https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh | sh. Piping an arbitrary remote script to sh is high-risk. Alternatives (Homebrew, git + cargo) are more transparent, but the primary suggested one-liner is a risky pattern and should be reviewed before execution.
Credentials
The metadata lists no required env vars, yet the docs mention --private-key, POLYMARKET_PRIVATE_KEY, and a local config file as canonical private-key sources. The skill will operate on sensitive assets (wallet keys, approvals, on-chain txs) and manage API keys; those require explicit declaration and user consent. This mismatch increases risk of accidental secret exposure.
Persistence & Privilege
always:false (no forced persistence) and default autonomous invocation are fine. The skill can perform write operations (including wallet reset and key/API-key management) if run — but there is no indication it alters other skills or requests permanent system privileges. Still, combine this with the install/script and secret-handling concerns.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install poly-cli
  3. After installation, invoke the skill by name or use /poly-cli
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.5
v0.1.5: Full command coverage (~100 commands across 10 sections), batch queries, order types (GTC/FOK/GTD/FAK), bridge, rewards, sports metadata, troubleshooting guide
Metadata
Slug poly-cli
Version 0.1.5
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Polymarket CLI?

Operate Polymarket from terminal with the `polymarket` Rust CLI (v0.1.5). Covers market/event/tag/series discovery, CLOB order book queries (single & batch),... It is an AI Agent Skill for Claude Code / OpenClaw, with 261 downloads so far.

How do I install Polymarket CLI?

Run "/install poly-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Polymarket CLI free?

Yes, Polymarket CLI is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Polymarket CLI support?

Polymarket CLI is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Polymarket CLI?

It is built and maintained by seandong (@seandong); the current version is v0.1.5.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments