storyclaw-polymarket-trading
Audited by Socket on Mar 18, 2026
2 alerts found:
Security, Anomaly
SUSPICIOUS: The skill is purpose-aligned and uses official Polymarket tooling, so it does not look like credential harvesting malware. However, it grants an AI agent high-impact financial autonomy, stores raw wallet private keys locally, and establishes persistent cron-based execution, making the overall security risk high even though malicious intent is not evident.
This JSON is a credentials/configuration file that contains placeholders for sensitive secrets (private key and API credentials). The file itself is not executable or directly malicious, but storing real secrets here in plaintext is a significant supply-chain and operational security risk: if these values are populated and the file is committed, leaked, or read by an attacker, they enable account compromise and theft. Treat this file as high-sensitivity material; do not commit to source control, use secret management, and rotate keys if they were exposed.