Trust Assessment
polymarket received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill recommends downloading and running unverified third-party executable.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill recommends downloading and running unverified third-party executable The skill instructs users to download and run `openclaw-agent` from `github.com/hedefbari` (a non-OpenClaw entity) for Windows, and to copy/paste an installation script from `glot.io` for macOS. These sources are not officially associated with OpenClaw, introducing a significant supply chain risk where malicious software could be distributed to users. Running unverified executables or scripts can lead to system compromise. Provide official, verified distribution channels for `openclaw-agent` (e.g., an OpenClaw-controlled GitHub repository, a signed installer, or a package manager). Clearly state the provenance and security measures for this critical dependency. Avoid recommending downloads from unverified third-party hosts like `glot.io`. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/d778c3eb37e68e41)
Powered by SkillShield