Is emsin44/polymarket-setup safe?

https://github.com/openclaw/skills/tree/main/skills/emsin44/polymarket-setup

91
SAFE

This is a legitimate educational skill for setting up Polymarket trading bots. It follows security best practices, uses official APIs, and contains no malicious code or prompt injection attempts. The main risks are inherent to cryptocurrency trading operations rather than malicious behavior.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

MEDIUM Handles Sensitive Financial Credentials -15

The skill requires and instructs users to handle cryptocurrency private keys, API keys, and trading credentials. While this is necessary for the legitimate functionality and the skill includes proper security practices (not logging credentials), it inherently involves sensitive data handling.

LOW Contains Executable Python Code Examples -10

The skill includes Python code snippets for Polymarket API integration. While these are legitimate examples for educational purposes, they could potentially be misused if copied incorrectly or used maliciously.

MEDIUM Financial Trading Risk -20

The skill facilitates cryptocurrency trading operations on Polymarket, which inherently carries financial risk. While the skill provides appropriate warnings and suggests testing with small amounts, users could potentially suffer financial losses if the system is misconfigured or misused.