polymarket

Warn

Audited by Socket on Feb 28, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill is documentation and examples for using Polymarket's official real-time data client. Capabilities described align with the stated purpose (market data, WebSocket subscriptions, authenticated user streams). There are no clear malicious indicators (no download-execute, no unknown external exfiltration endpoints, no obfuscation). The primary security concern is credential handling: the examples place the raw API key/secret/passphrase in subscription payloads and log incoming messages, which can lead to credential exposure or accidental logging of private user data if integrators are careless. Recommended: store secrets securely, avoid logging sensitive payloads, use minimal scopes/filters, and follow standard token rotation and least-privilege practices. Overall risk is low-to-moderate and mainly operational rather than malicious.

Confidence: 75%
Severity: 75%

Audit Metadata

Analyzed At: Feb 28, 2026, 05:57 AM
Package URL: pkg:socket/skills-sh/tukuaiai%2Fvibe-coding-cn%2Fpolymarket%2F@7c6e9804d6cf3caf80aac9bfb8828c353b522a58