polymarket-whale-copier
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation and code instruct the user to set a "POLYMARKET_KEY" environment variable. This is a highly sensitive private key that grants total control over blockchain assets. Storing such keys in environment variables is a poor security practice, and providing them to untrusted scripts is dangerous.
- [EXTERNAL_DOWNLOADS]: The scripts "copy_trader.py" and "auto_redeem.py" fetch data from "data-api.polymarket.com" and "polygon-rpc.com". These are well-known services related to the skill's purpose and are used here to track trade data and account balances.
- [COMMAND_EXECUTION]: The skill includes shell scripts that utilize "screen" to run and manage background Python processes. This allows the skill to execute system-level commands and maintain persistence for as long as the session remains active.
Audit Metadata