Polymarket Bot Skill

Automate Polymarket bot operations including fetching market data, placing trades, and implementing strategies like arbitrage. Use when users need to build o...

Key points before installing or running this skill: - Metadata mismatch: The registry metadata claims no required environment variables, but the code expects a POLY_PRIVATE_KEY and derives API credentials. Treat that as a red flag: ask the publisher to update the metadata to list required secrets. - Sensitive operations: The code will sign messages with your private key and POST them to Polymarket endpoints to derive API credentials. Only provide private keys if you fully trust the code and publisher — prefer hardware wallets, ephemeral keys, or limited-scope keys where possible. - Test mode first: Run with dry_run=True and on a testnet or with a throwaway account to validate behavior. Do not run with dry_run=False on a funded account until you fully audit the code. - Audit network behavior: The scripts make HTTP requests to polymarket domains (gamma-api.polymarket.com, clob.polymarket.com, data-api.polymarket.com) — verify those endpoints and ensure TLS is used. Inspect any unexpected outbound hosts before using. - Code quality issues to fix before trusting: auth uses signTypedData (ensure correct EIP-712 usage), authenticate_with_clob posts a signed_message (review what is sent), and some code passes api_creds into requests.get via auth=self.api_creds (this may not be correct and could leak data). Have a developer review these details. - Dependency management: The skill relies on web3.py, requests, dotenv, asyncio, etc. Install these from official sources and run in an isolated virtual environment or container. - Operational risk: The bot can automatically place trades (including copy-trading). This exposes you to financial loss, MEV, front-running, slippage, and rate-limit issues. Use rate limiting, position limits, and monitoring as suggested in references. - If you cannot audit the code, avoid providing real private keys. Ask the publisher for clearer metadata, dependency lists, and a security/privacy statement. Consider running the skill in a sandbox or with a read-only API credential (if available).

Type: OpenClaw Skill Name: polymarket-bot Version: 1.0.0 This skill is classified as suspicious due to a significant prompt injection vulnerability and its engagement in high-risk operations. The `SKILL.md` file explicitly instructs the AI agent to use prompts from `references/prompts.md` and `references/strategy_examples.md` to 'generate code for strategies'. While the current prompts in these files are not overtly malicious, this mechanism creates a direct vector for prompt injection, allowing an attacker to potentially instruct the agent to generate and execute arbitrary malicious code. Furthermore, the skill's core functionality involves handling sensitive private keys (via `scripts/auth_setup.py` and `scripts/bot_integration.py`) and performing automated cryptocurrency trades, which are inherently high-risk operations, amplifying the potential impact of a successful injection.