polyclaw
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires the user to store their EVM private key in the POLYCLAW_PRIVATE_KEY environment variable in plaintext. This is a common but sensitive credential management pattern that poses a risk of exposure if the execution environment or process memory is compromised.
- [PROMPT_INJECTION]: The scripts/hedge.py utility fetches market questions from the Polymarket API and interpolates them directly into an LLM prompt to identify hedging opportunities. This data is external and untrusted, creating a surface for indirect prompt injection if an attacker crafts a market question containing malicious instructions.
  - Ingestion points: Market questions are retrieved from the Gamma API in scripts/hedge.py.
  - Boundary markers: None identified in the IMPLICATION_PROMPT template.
  - Capability inventory: The skill provides automated trading logic in scripts/trade.py.
  - Sanitization: No validation or sanitization is performed on market questions before they are processed by the LLM.
- [COMMAND_EXECUTION]: The dispatcher in scripts/polyclaw.py uses subprocess.run to call its internal sub-scripts based on user input. While it uses a list-based argument format, which mitigates direct shell injection, it relies on the agent to ensure that inputs passed as CLI arguments are well-formed.
Audit Metadata