Polyclawster

The skill claims to let users create local Polygon wallets and trade via Polymarket. However, the code expects or reads a system/master credentials file (/workspace/polymarket-creds.json) and references external proxy/trial systems and other skills; these artifacts are not declared in SKILL.md. search.js queries polyclawster.com (not Polymarket's Gamma API) despite documentation saying markets are fetched from Polymarket's Gamma API. The presence of a 'system wallet' and master creds is not described in the top-level metadata or instructions, which is inconsistent with the stated purpose.

SKILL.md tells the agent to run scripts and save config to ~/.polyclawster, but the runtime code also reads/writes other paths (e.g. /workspace/polymarket-creds.json, /tmp/hb-trial.json) and uses environment variables (HB_PROXY_USER, HB_PROXY_PASS, POLYMARKET_PRIVATE_KEY) that are not declared. clob-proxy imports a function from a human-browser skill path (../.agents/skills/human-browser/scripts/browser-human) to 'getTrial', implying cross-skill file access. search requests are routed through polyclawster.com endpoints rather than directly to Polymarket in some scripts, which could result in unexpected data flows.

No install spec (instruction-only skill) — lowest install risk on its own. However, the package.json declares npm dependencies (@polymarket/clob-client, ethers, https-proxy-agent) which must be installed manually (npm install). There is no remote binary download, but running npm install will pull third-party packages; the SKILL.md instructs users to run npm install in the skill directory.

Top-level metadata declares no required environment variables or config paths, but the code expects multiple sensitive inputs: HB_PROXY_USER/HB_PROXY_PASS/HB_PROXY_COUNTRY (residential proxy creds), POLYMARKET_PRIVATE_KEY / POLYMARKET_PRIVATE_KEY env fallbacks, and reads master credentials from /workspace/polymarket-creds.json. These provide access to private keys or proxy accounts and are not justified in the SKILL.md or registry metadata.

The skill does not set always:true, but it attempts to access system-wide locations (/workspace/..., /tmp/...) and other skill code paths, which increases its effective privilege despite no explicit persistent flag. It also relies on an external 'system' wallet file that could hold funds; the skill will attempt automatic trading using that file if present. This cross-path access is not documented and is unexpected for a simple CLI trading wrapper.