polymarket-clob-client

Fail

Audited by Snyk on May 17, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt contains code that logs and prints API credentials verbatim (e.g., console.log(creds), and printing CLOB_API_KEY/CLOB_SECRET/CLOB_PASS_PHRASE), so an agent following the instructions would write the secrets into terminal output, log files and its own transcript, even though the same values are read from environment variables elsewhere.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches market, orderbook, and trade data from the public Polymarket CLOB API (CLOB_HOST / https://clob.polymarket.com) and feeds that untrusted third-party and user-generated content directly into workflows (e.g., monitorAndTrade, runMarketMaker) that make trading decisions and place or cancel orders. Market titles, descriptions, and values produced by other participants therefore reach the agent's decision loop, which is the pattern behind indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a trading client for Polymarket's CLOB and exposes money-moving operations directly: it requires a blockchain private key or wallet signer plus API credentials (EIP-712 wallet signing and HMAC-authenticated API requests), and it provides functions to create and post limit and market orders, execute market orders, cancel orders (single, multiple, or all), and read USDC balances. Its example trading and market-making bots place and replace orders programmatically. These are concrete financial execution actions (crypto/blockchain trading and market orders), so the skill grants direct financial execution capability.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: May 17, 2026, 06:28 PM
Issues: 3