PolyClaw Pro

by lmanchu · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 650 · Stars: 1 · Active Installs: 1 · Versions: 1
Install in OpenClaw
/install polyclaw-pro
Description
Trade on Polymarket via split + CLOB execution. Browse markets, track positions with P&L, discover hedges via LLM. Includes automation tools: live portfolio...
Usage Guidance
This skill is not obviously malicious, but it has multiple red flags you should resolve before trusting it with a real private key:
  - Do not supply your main wallet private key. Instead, test with an expendable account funded with minimal funds.
  - Ask the author to explain why there are hard-coded wallet addresses (0x2aacf9...) and a funder address in multiple files. If those are sample/demo addresses, they should not be hard-coded in production code.
  - Confirm and require OPENROUTER_API_KEY (and any other API keys) to be declared in the skill metadata if the LLM hedge feature is used.
  - The code uses absolute root paths (/root/.openclaw/...). Run the skill in an isolated container or non-root account, and update config paths to be relative to the skill install directory.
  - Review cron/job recommendations carefully before adding them; scheduled scripts will repeatedly use the private key to sign transactions.
  - Verify the 'uv' brew formula source before installing; ensure 'uv sync' actually installs the Python dependencies (or create a venv and pip install from the included pyproject.toml yourself).
  - If you need automation, prefer short-lived or constrained keys (e.g., delegate with a smart-contract-based allowance or use a hot wallet with limited funds) and perform a code audit for any network endpoints or unexpected external calls.
If the author cannot satisfactorily explain the hard-coded addresses, root paths, and undeclared env vars, treat the package as unsafe to run with any significant funds.
Capability Analysis
Type: OpenClaw Skill
Name: polyclaw-pro
Version: 1.0.0
This skill is classified as suspicious due to its inherent high-risk capabilities, although these appear to be aligned with its stated purpose as a Web3 trading bot. Key indicators include the direct handling of a user's EVM private key (`POLYCLAW_PRIVATE_KEY`) from environment variables for signing and sending blockchain transactions (e.g., in `auto_redeem_check.py`, `discipline_scanner.py`), which is explicitly acknowledged as a security risk in `SKILL.md` and `README.md`. The skill also employs network proxies (Tor via `httpx[socks]` and `curl-cffi`) for Cloudflare bypass, and uses `subprocess.run` in `polyclaw_api.py` to execute other scripts (e.g., `swap.py`), which presents a potential Remote Code Execution (RCE) vulnerability if an AI agent were prompt-injected into passing malicious arguments. While these functionalities are necessary for a trading bot, their combined risk profile warrants a 'suspicious' classification rather than 'benign'.
Capability Assessment
Purpose & Capability
The skill claims to trade on Polymarket and therefore legitimately needs an RPC node, a private key (CHAINSTACK_NODE, POLYCLAW_PRIVATE_KEY) and the uv binary. However, many code files contain hard-coded wallet addresses (e.g., 0x2aacf9... used as WALLET/WALLET_ADDR/funder) and other constants that suggest parts of the code operate on, or expect, someone else's account rather than the installing user's wallet. README/SKILL.md also reference an OPENROUTER_API_KEY for LLM hedge discovery that is not declared in the skill's required env list. These mismatches (hard-coded wallets plus undeclared but required credentials) are disproportionate for a straightforward user-facing trading tool and are inconsistencies to flag.
Instruction Scope
Runtime instructions run on-chain transactions (approve, redeem, trades), which is expected. But the SKILL.md and scripts also: (1) suggest cron jobs running from absolute root paths (/root/.openclaw/skills/polyclaw), (2) include an API bridge (polyclaw_api.py) intended to be called via SSH from external bots (it exposes portfolio and risk-check endpoints without additional authentication), and (3) patch HTTP clients in several scripts to route through a local Tor proxy. The code reads and writes state/config files under hard-coded root paths and references other files (.env, portfolio.json), widening the data surface beyond the declared manifests. These instructions and paths grant ongoing access and data flow that go beyond simple interactive CLI usage.
Install Mechanism
The install spec only installs the 'uv' brew formula. SKILL.md expects 'uv sync' to populate Python dependencies (pyproject.toml lists many packages). This is not malicious by itself, but the install description is incomplete: it assumes the uv tool will install the required Python packages and create .venv. The brew source for 'uv' should be verified (third-party brew taps can be a risk). No arbitrary URL downloads or extract steps are present in the provided install spec.
Credentials
The primary credential, POLYCLAW_PRIVATE_KEY, is expected for signing transactions. But the skill's README/SKILL.md and some code reference additional sensitive env vars (OPENROUTER_API_KEY, HTTPS_PROXY, CLOB_MAX_RETRIES) that are not declared in the skill metadata. The code uses CHAINSTACK_NODE and the private key, but also frequently uses a fixed WALLET_ADDR for data API calls (meaning the skill will collect and display data about that address) and sometimes uses a different 'funder' address for CLOB calls. Requiring a full EVM private key is proportional for trading, but the combination of undeclared API keys and hard-coded addresses is suspicious and can lead to unintended data disclosure or action.
Persistence & Privilege
The skill does not set always:true, but SKILL.md and several scripts include explicit cron job examples (running as root, writing logs to /var/log), and the code writes state files under /root/.openclaw/skills/polyclaw. These cron examples, combined with scripts that sign and send transactions with the provided private key, create a persistent, scheduled capability to act with your credentials. Because the code also provides an API bridge intended for external invocation (SSH), persistent/automated use together with the inconsistencies noted above increases the blast radius.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install polyclaw-pro
  3. After installation, invoke the skill by name or use /polyclaw-pro
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
PolyClaw with live portfolio, auto-redeem, discipline scanner
Metadata
Slug: polyclaw-pro
Version: 1.0.0
License: (not specified)
All-time Installs: 1
Active Installs: 1
Total Versions: 1
Frequently Asked Questions

What is PolyClaw Pro?

Trade on Polymarket via split + CLOB execution. Browse markets, track positions with P&L, discover hedges via LLM. Includes automation tools: live portfolio... It is an AI Agent Skill for Claude Code / OpenClaw, with 650 downloads so far.

How do I install PolyClaw Pro?

Run "/install polyclaw-pro" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is PolyClaw Pro free?

Yes, PolyClaw Pro is completely free (open-source). You can download, install and use it at no cost.

Which platforms does PolyClaw Pro support?

PolyClaw Pro is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created PolyClaw Pro?

It is built and maintained by lmanchu (@lmanchu); the current version is v1.0.0.