polymarket
Fail
Audited by Socket on Mar 7, 2026
1 alert found:
Malware (HIGH): SKILL.md
The skill aims to provide read-only access plus real trading capabilities for Polymarket via a CLI, including on-chain signing with a private key stored locally. While the functional goal is coherent, the implementation exhibits significant security concerns: use of curl | sh to install a binary (unverifiable binary risk), handling of private keys in a local config file (credential exposure risk), and potential network/data flow exposure through on-chain and API interactions. Overall, the footprint ranges from suspicious to high-risk with respect to credential handling and the supply chain, though the intended purpose (Polymarket interaction) is legitimate for a developer tooling scenario.
Confidence: 75%
Severity: 78%
Audit Metadata