PolyGuard Martin Pro

Automates Polymarket trades locally by placing orders when configured price thresholds are met, with full transparency and no external data sharing.

This skill appears to do what it claims: poll Polymarket and place orders. Before installing, review and do the following: (1) Confirm Polymarket's API credential model — this script expects a single api_key used for HMAC signing; if Polymarket requires a separate secret you may need to adapt the code. (2) Keep config.yaml secure (it contains your API key in plaintext) and avoid storing real funds/keys until you've tested in a sandbox. (3) Inspect network traffic during a test run to confirm requests go only to https://api.polymarket.com. (4) Note logs include API responses (which may contain trade/order data); avoid sharing logs. (5) There's a minor manifest/version mismatch between registry metadata and manifest.json—this is likely benign but verify you have the intended release. If you do not want the agent to run autonomously, disable model invocation or only run the script manually.

Package: PolyGuard Martin Pro (xpi) Version: 1.1.0 Description: Free, open-source Polymarket auto-trading skill. No data collection. The PolyGuard Martin Pro (xpi) version 1.1.0 package is a Polymarket auto-trading skill. The source code has been thoroughly reviewed and found to be benign. It strictly adheres to its stated purpose of automating trades on Polymarket based on user-defined configurations. Key findings: - **No data collection or exfiltration:** The code makes network requests exclusively to `https://api.polymarket.com`, which is the official Polymarket API endpoint. There are no calls to any third-party analytics, telemetry, or unauthorized servers. - **Secure API key handling:** The `api_key` from `config.yaml` is used for authentication (Bearer token) and for HMAC-SHA256 signing of order payloads, both of which are standard practices for interacting with the Polymarket API. The key is never transmitted to any server other than Polymarket's official API. - **Safe configuration loading:** `yaml.safe_load` is used to parse `config.yaml`, mitigating risks associated with arbitrary code execution from YAML files. - **Transparent logic:** The code is straightforward, implementing a polling mechanism to fetch market prices and place orders when configured price conditions are met. There is no obfuscation or hidden functionality. - **Robust error handling:** The script includes error handling for network issues, API failures (e.g., invalid API key, insufficient balance), and malformed responses. The package's claims of being 'Free, open-source', 'No data collection', and 'No hidden backdoors' are fully supported by the code logic. The only external interaction is with the legitimate Polymarket API for trading purposes.