Is leochan14/polymarket-1-0-0 safe?

https://github.com/openclaw/skills/tree/main/skills/leochan14/polymarket-1-0-0

91
SAFE

The polymarket skill is a straightforward read-only Polymarket API client with no prompt injection, no credential access, no suspicious process behavior, and clean canary integrity. The Python script contacts only the public gamma-api.polymarket.com endpoint and uses standard argparse argument handling. The only concerns are common to any networked skill: a runtime PyPI dependency and outbound HTTP requests.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 93/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (5)

LOW Runtime dependency fetched at execution time -10

The PEP 723 script header declares 'requests>=2.28.0' as a dependency. When invoked via 'uv run' or 'pipx run', this will be downloaded from PyPI at runtime. A compromised or supply-chain-attacked version of 'requests' could theoretically intercept HTTP traffic, though this is a general Python ecosystem risk, not specific to this skill.

LOW Skill makes outbound HTTP requests on agent's behalf -10

The skill instructs the agent to execute a Python script that makes GET requests to gamma-api.polymarket.com. While the current code only fetches public market data, any skill that issues network requests creates a channel that a future malicious version could abuse. The current implementation shows no such abuse.

INFO User-controlled arguments passed to Python subprocess -5

Search queries, event slugs, and category names from user input are passed as command-line arguments to the Python script. Python's argparse handles these safely without shell interpolation, so command injection is not a realistic threat. Argparse-level injection (e.g., '--help' flag smuggling) is a theoretical nuisance, not a security issue.

INFO Developer lock.json committed to skill repository -7

The .clawhub/lock.json file references 'academic-research-hub' skill, indicating the skill author committed their local development environment's lock file. This is poor hygiene but not a security issue — it does not affect installation or runtime behavior.

INFO Skill provides prediction market data that could inform financial decisions -12

In combination with skills that can execute cryptocurrency trades or financial transactions, this skill provides real-time odds and volume data. On its own it is read-only and innocuous. No risk in isolation.