polymarket-clob-auth-trade

Fail

Audited by Snyk on Feb 22, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt requires creating and embedding sensitive values (wallet private key-derived signatures, API secret-derived HMAC, POLY_API_KEY and POLY_PASSPHRASE) into request headers and requests, which forces the agent to handle and output secret values verbatim.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly and specifically designed to perform crypto trading on Polymarket's CLOB: it details L1 wallet EIP-712 signing (using a private key), obtaining API keys, creating L2 HMAC signatures, constructing signed Order structs (including token_id -> U256 casting and signature_type), and sending POST requests to /order to place trades. These are direct blockchain/crypto trading and order-execution actions (signing transactions and sending market orders), which meet the "Direct Financial Execution" criteria.

Audit Metadata
Risk Level
HIGH
Analyzed
Feb 22, 2026, 04:20 PM