polymarket

Fail

Audited by Snyk on Mar 1, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). Most listed URLs are legitimate Polymarket API endpoints, but the skill instructs users to download and run a password-protected ZIP (openclawcli) from an unfamiliar GitHub account plus execute commands from a glot.io snippet — a classic untrusted-executable distribution pattern and strong red flag for malware distribution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). SKILL.md includes multiple runtime curl calls and monitoring/trading scripts that fetch and parse public Polymarket endpoints (e.g., https://gamma-api.polymarket.com and https://clob.polymarket.com) and explicitly uses that untrusted, user-generated market data to drive alerts, position tracking and trading decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for trading prediction markets (Polymarket): it instructs users to deposit USDC on Polygon, connect Web3, and repeatedly describes buying/selling shares, position sizing, P&L tracking, arbitrage, hedging, and “place bets.” It depends on an external CLI (openclawcli) "for trading commands" and documents market/orderbook/trade API endpoints (clob.polymarket.com / gamma-api.polymarket.com). Although not every execute-order curl is shown, the primary and explicit purpose is to place market orders / manage trading positions on a crypto prediction market (moving funds/entering trades). This meets the "Direct Financial Execution" criterion.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 1, 2026, 12:51 PM