polyclaw

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill requires the POLYCLAW_PRIVATE_KEY environment variable for on-chain transactions. Storing unencrypted private keys in environment variables is a high-risk practice as they may be exposed in logs, process listings, or shared environments.
  • [COMMAND_EXECUTION]: The main dispatcher scripts/polyclaw.py uses subprocess.run to execute other Python scripts within the skill directory. While restricted to internal scripts, this pattern can be risky if input arguments are not strictly validated.
  • [PROMPT_INJECTION]: The scripts/hedge.py script constructs an LLM prompt using market questions fetched from the Polymarket Gamma API. Since these market questions are external untrusted data and are not sanitized before interpolation, this creates a surface for indirect prompt injection which could influence trading recommendations.
      • Ingestion points: target_question and market_list_text in scripts/hedge.py.
      • Boundary markers: None.
      • Capability inventory: On-chain trading (scripts/trade.py) and local position storage (lib/position_storage.py).
      • Sanitization: None.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 07:42 PM