polymarket-elon-tweets

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill instructions in SKILL.md require the user to store their WALLET_PRIVATE_KEY for a Polymarket wallet in an environment variable. Storing raw private keys in environment variables is a high-risk practice as it provides any local process with full control over the user's funds.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires installing simmer-sdk via pip. This package is not from a trusted organization or repository defined in the security framework.
  • [DATA_EXFILTRATION] (LOW): The script scripts/status.py transmits the user's SIMMER_API_KEY to https://api.simmer.markets. While this is functional for the tool, the domain is not on the trusted whitelist for data transmission.
  • [INDIRECT_PROMPT_INJECTION] (LOW):
      1. Ingestion points: Data entering via api_request in scripts/status.py.
      2. Boundary markers: Absent.
      3. Capability inventory: Network operations in scripts/status.py and financial trading operations mentioned in SKILL.md.
      4. Sanitization: Absent; the skill trusts and processes external API data directly.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 19, 2026, 12:37 PM