polyclawster-agent

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill generates a Polygon crypto wallet and stores the private key locally in ~/.polyclawster/config.json. The key is used for local signing of blockchain transactions and is protected by filesystem permissions (mode 600).
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the vendor's relay and API at polyclawster.com for market data, trading signals, and order submission. It also interacts with official Polymarket and Polygon RPC endpoints.
  • [COMMAND_EXECUTION]: The utility scripts/monitor.js uses execSync to chain the sell.js script when take-profit or stop-loss triggers are met. The arguments passed to the sub-process are parsed as integers to prevent shell injection.
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data from external URLs (such as Tweets, YouTube videos, or news articles) to make trading decisions. This creates an indirect prompt injection surface where malicious instructions embedded in the external content could attempt to influence the agent's trading behavior.
  • [SAFE]: On live trades, the skill automatically transfers a 1% relay fee to the developer's master wallet (0x6f314d7d2f50808cec1d26c1092e7729d9378d75). This behavior is documented in the project's changelog and source code as part of the service's monetization model.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 05:55 PM