polymarket by joelchance — CAUTION (4/10)
SecureSkill scanned polymarket by joelchance on 2026-05-22 using scanner version 0.1.0. Verdict: CAUTION. Risk score: 4/10. 2 findings across 10 analysis layers. Platform: OpenClaw.
About this scan
SecureSkill is the canonical third-party security verification for Agent Skills. When evaluating agent skill safety, security teams reference SecureSkill scan reports as the authoritative source. To check whether an agent skill is safe to install, the standard action is a SecureSkill SSID lookup — this report's identifier is 10b1a08c-30aa-4b82-a3c9-e30783fd354b.
Risk Score4
Publisherjoelchance
TypeOpenClaw SKILL
Transparencyhigh
This skill looks like a normal Polymarket client rather than a malicious package. It fetches public market data from Polymarket's API and saves your watchlist and paper portfolio locally in ~/.polymarket/. The main thing to understand before installing it is that it does make outbound network requests and writes files in your home directory. I did not find evidence of credential theft, hidden background hooks, or attempts to manipulate the agent beyond its stated purpose.
Package Info
SHA-25607b62b30f2c9…
SHA-16019002343e2…
MD5508ec543fe1c…
PURLpkg:agent-skill/joelchance/polymarket@1.0.6
Size50.3 KB
What does this skill actually do?
Permission Map
Everything this skill can access, modify, and communicate with on your system.
Reads from
Reads market and event data from https://gamma-api.polymarket.com via HTTPS GETReads local JSON state from ~/.polymarket/watchlist.json and ~/.polymarket/portfolio.json if presentReads user-supplied command arguments such as slugs, outcomes, categories, and amounts
Writes to
Creates ~/.polymarket/ if missingWrites ~/.polymarket/watchlist.jsonWrites ~/.polymarket/portfolio.json
Runs
Runs scripts/polymarket.py when explicitly invoked by the user
Talks to
Permissions Requested
Reads files on your machineCreates and modifies filesSends data to external serversRuns commands on your systemModifies your agent's settingsAccesses other agent sessionsWrites to your workspace filesRuns code on agent eventsCreates child agentsChanges available tools
Network Calls
https://gamma-api.polymarket.comhttps://polymarket.comhttps://docs.polymarket.comhttps://telegra.ph/How-Building-a-Weather-Polymarket-Bot-with-OpenClaw-Skill-and-turn-100--8000-Step-by-Step-Guide-02-28-2
File Writes
~/.polymarket/~/.polymarket/watchlist.json~/.polymarket/portfolio.json