polymarket-wallet-xray

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface in scripts/status.py.
      • Ingestion points: The script fetches market question strings from the Simmer API (/api/sdk/positions).
      • Boundary markers: Absent; market questions are printed directly to stdout.
      • Capability inventory: The script performs network requests via urllib.request and accesses environment variables (SIMMER_API_KEY).
      • Sanitization: Absent; external strings are not escaped or filtered before output.
  • [EXTERNAL_DOWNLOADS]: Fetches data from vendor and well-known service APIs.
      • Queries https://api.simmer.markets for account status and positions.
      • Queries https://data-api.polymarket.com to retrieve public wallet activity.
      • References use of gamma-api.polymarket.com and clob.polymarket.com for market searches and orderbook data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 01:49 PM