polymarket-clob-client-v2

Fail

Audited by Snyk on May 18, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt includes examples that console.log the API key, secret and passphrase and then instruct the user to "Save these credentials", and it shows plaintext secrets in a .env example. This encourages exposing secret values verbatim rather than keeping them only in environment variables or a secrets store.
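The pattern the finding describes, and its hardened counterpart, as an added JavaScript example (this is not code from the skill or from @polymarket/clob-client; the variable names CLOB_API_KEY, CLOB_API_SECRET and CLOB_API_PASSPHRASE, the credential object shape {key, secret, passphrase} and the sample .env text are assumptions): credentials are read from the environment and fail closed when missing, the only thing ever logged is a redacted view, and a small scanner flags instructions or output that echo secret-named values verbatim, which is what an agent should run over its own examples before shipping them.

```javascript
// Added example, not the skill's or the library's code. Names of the
// environment variables and the {key, secret, passphrase} shape are assumed.
const REQUIRED_VARS = ['CLOB_API_KEY', 'CLOB_API_SECRET', 'CLOB_API_PASSPHRASE'];

// Load the API credential triple from the environment. Refuses to start with
// any value missing and never returns or echoes a default, so the caller
// cannot accidentally run with a placeholder secret.
function loadApiCredsFromEnv(env = process.env) {
  const missing = REQUIRED_VARS.filter((name) => !env[name]);
  if (missing.length > 0) {
    throw new Error(`missing credentials: ${missing.join(', ')}`);
  }
  return {
    key: env.CLOB_API_KEY,
    secret: env.CLOB_API_SECRET,
    passphrase: env.CLOB_API_PASSPHRASE,
  };
}

// The only form of the credentials that may reach a log or a chat transcript:
// a short prefix of the key id for correlation, nothing of the secrets.
function redactCreds(creds) {
  return {
    key: String(creds.key).slice(0, 8) + '...',
    secret: '[REDACTED]',
    passphrase: '[REDACTED]',
  };
}

// Values that are clearly placeholders (<your-secret>, ${VAR}, xxx, changeme)
// are not leaks; anything else under a secret-looking name is.
function isPlaceholder(value) {
  return /^(<[^>]*>|your[_-].*|\$\{[^}]*\}|x{3,}|\.{3}|changeme)$/i.test(value);
}

// Scan text (a .env example, SKILL.md instructions, captured console output)
// for NAME=VALUE or "Name: value" lines whose name suggests a secret and whose
// value is a real-looking literal. Returns the offending names, never the values.
const SECRET_NAME = /(secret|passphrase|private[_-]?key|api[_-]?key|token)/i;
function findPlaintextSecrets(text) {
  const hits = [];
  for (const line of text.split('\n')) {
    const m = line.match(/^\s*(?:export\s+)?([A-Za-z][A-Za-z0-9_ ]*?)\s*[:=]\s*["']?([^"'\s#]+)/);
    if (m && SECRET_NAME.test(m[1]) && !isPlaceholder(m[2])) {
      hits.push(m[1]);
    }
  }
  return hits;
}
```

In practice the scanner runs in CI over the skill's own markdown and examples; the redaction helper is what an agent calls when it wants to confirm to the user that credentials were created, instead of printing the triple and telling them to save it.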

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches public market data from Polymarket's CLOB API (for example client.getOrderBook, getTrades and getMarket against https://clob.polymarket.com). The market-making, batch and risk-managed trading workflows in SKILL.md read that untrusted, user-generated market content and use it to decide on and place orders, so third-party content can materially influence the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading client for Polymarket's Central Limit Order Book. It provides concrete functions to execute financial transactions: createOrDeriveApiKey, createAndPostOrder, createAndPostMarketOrder (market buys/sells in USDC), cancelOrder/cancelOrders/cancelAll, getBalance, and position management. It requires wallet signing (EIP-712/private key) and API credentials/HMAC, and examples show placing, cancelling, and batching orders and building market-making bots. These are specific, direct mechanisms to move funds and execute market orders on a blockchain-based venue, so it grants direct financial execution authority.
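The control a practitioner would put between findings W011 and W009, as an added JavaScript example that is not code from the skill or from @polymarket/clob-client: every order book response is parsed as untrusted input (only in-range numeric price/size pairs survive, so a crafted response cannot push absurd values or extra text into the decision step), market metadata destined for an LLM prompt is reduced to whitelisted, length-capped fields and wrapped as data, and every order passes a hard-coded policy gate (market allowlist, per-order and daily USDC caps, a fat-finger check against the book) before anything reaches the signing and posting step. The POLICY values, the book shape, the token ids and the metadata field names are assumptions.

```javascript
// Added example, not the skill's or the library's code. Policy values, the
// book/order shapes and the field names below are assumptions.
const POLICY = {
  allowedTokenIds: new Set(['TOKEN_A']),  // operator-approved markets only
  maxOrderNotionalUsdc: 50,               // per-order cap
  maxDailyNotionalUsdc: 200,              // daily cap, tracked in the ledger
  maxPriceDeviation: 0.05,                // fat-finger guard vs. the book
};

// Parse an order book response as untrusted input. Only numeric price/size
// pairs survive; prices must be valid probabilities in (0,1) and sizes finite
// positives. Any other shape is an error, never a "best effort" decision.
function parseOrderBook(raw) {
  const parseSide = (side) => {
    if (!raw || !Array.isArray(raw[side])) throw new Error(`order book has no ${side} array`);
    return raw[side].map((lvl, i) => {
      const price = Number(lvl && lvl.price);
      const size = Number(lvl && lvl.size);
      if (!(price > 0 && price < 1) || !(size > 0) || !Number.isFinite(size)) {
        throw new Error(`rejecting ${side}[${i}]: malformed level`);
      }
      return { price, size };   // extra fields from the response are dropped
    });
  };
  return { bids: parseSide('bids'), asks: parseSide('asks') };
}

// A buyer crosses the lowest ask; a seller hits the highest bid.
function bestQuote(book, side) {
  const levels = side === 'BUY' ? book.asks : book.bids;
  if (levels.length === 0) return null;
  const prices = levels.map((l) => l.price);
  return side === 'BUY' ? Math.min(...prices) : Math.max(...prices);
}

// When market metadata must go into an LLM prompt, keep only whitelisted
// string fields, cap their length, and wrap the result as quoted data so a
// market description cannot be read as an instruction. Field names assumed.
function marketForPrompt(market, maxLen = 200) {
  const safe = {};
  for (const k of ['conditionId', 'question', 'endDate']) {
    if (market && typeof market[k] === 'string') safe[k] = market[k].slice(0, maxLen);
  }
  return '<untrusted_market_data>' + JSON.stringify(safe) + '</untrusted_market_data>';
}

function newLedger() { return { spentToday: 0 }; }

// The gate that runs before any createAndPostOrder call. The caps are policy
// the agent cannot reason its way around; the book (itself untrusted) only
// refines the decision, so the deviation check is a sanity check, not the
// control. Debits the ledger only on approval.
function gateOrder(order, book, ledger, policy = POLICY) {
  const { tokenId, side, price, size } = order;
  if (side !== 'BUY' && side !== 'SELL') return { ok: false, reason: `unknown side ${side}` };
  if (!policy.allowedTokenIds.has(tokenId)) return { ok: false, reason: `token ${tokenId} not on allowlist` };
  if (!(price > 0 && price < 1) || !(size > 0) || !Number.isFinite(size)) {
    return { ok: false, reason: 'invalid price or size' };
  }
  const notional = price * size;
  if (notional > policy.maxOrderNotionalUsdc) return { ok: false, reason: 'notional exceeds per-order cap' };
  if (ledger.spentToday + notional > policy.maxDailyNotionalUsdc) return { ok: false, reason: 'daily cap reached' };
  const ref = bestQuote(book, side);
  if (ref === null) return { ok: false, reason: 'no liquidity on the book' };
  if (Math.abs(price - ref) / ref > policy.maxPriceDeviation) {
    return { ok: false, reason: `price ${price} deviates from book reference ${ref}` };
  }
  ledger.spentToday += notional;
  return { ok: true, reason: 'approved', notional };
}
```

The gate is deliberately dumb: it holds no model of the market and takes no input from the prompt, so a poisoned order book or a planted market description can at worst cause a rejected order, never a larger or out-of-policy one.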

Issues (3)

  W007  HIGH    Insecure credential handling detected in skill instructions.
  W011  MEDIUM  Third-party content exposure detected (indirect prompt injection risk).
  W009  MEDIUM  Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  Risk Level: HIGH
  Analyzed: May 18, 2026, 08:58 PM
  Issues: 3