← Back to Skills Marketplace

庄家异动探测器

Name: 庄家异动探测器
Author: xqw1377-prog

by xqw1377-prog · GitHub ↗ · v1.4.0

cross-platform ⚠ suspicious

346

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install poly-hunter-stable

Description

实时监控 Polymarket 大额资金异动，分析庄家持仓与胜率，支持 SkillPay 0.01U 支付保障情报价值。

Usage Guidance

This skill largely does what it says (polls Polymarket, charges via SkillPay) but I found a hardcoded SkillPay API key in the source. Before installing: (1) Treat the embedded key as a red flag — it may route payments or indicate a leaked secret. Ask the author whether that token is a harmless test key; if not, do not use it. (2) Prefer running the skill only after you set your own SKILLPAY_API_KEY environment variable; inspect/replace the hardcoded default in main.py. (3) Confirm who will receive the 0.01 USDT payments (the skill owner? you?). (4) Because the skill opens a networked API, run it in an isolated environment or sandbox until you verify behavior. (5) The registry metadata and skill.yaml disagree about required env vars; ask the publisher to correct this and to remove any embedded credentials. If the author confirms the embedded key is invalid/test-only and they update the repo to remove it, my concern would be reduced.

Capability Analysis

Type: OpenClaw Skill Name: poly-hunter-stable Version: 1.4.0 The skill implements a Polymarket price tracker with a mandatory cryptocurrency paywall via SkillPay. It is classified as suspicious primarily due to a hardcoded API key (sk_8b36c2ca9e774eb0243752f907b086e78c8af866a4088d3e3475113ed446b71) in main.py, which is a significant security vulnerability. Additionally, the code uses synchronous time.sleep within a loop in the FastAPI /invoke endpoint, which can block the event loop and lead to denial-of-service conditions under load.

Capability Assessment

⚠ Purpose & Capability

The skill's declared purpose (monitor Polymarket and charge via SkillPay) matches the network calls in main.py to Polymarket and SkillPay. However there is an inconsistency between the registry metadata that listed no required env vars and the included skill.yaml/main.py which require SKILLPAY_API_KEY. That mismatch is unexpected and reduces trust.

ℹ Instruction Scope

SKILL.md describes a FastAPI service that processes payments and returns market movers; main.py implements FastAPI endpoints and only makes network calls to Polymarket and SkillPay. The instructions are not asking the agent to read arbitrary local files or unrelated credentials. SKILL.md mentions 'automatically handle crypto payment callbacks' while the implementation polls SkillPay; the doc is a bit vague but not evidence of broader data collection.

✓ Install Mechanism

No external download/install mechanism is present; dependencies are standard Python packages listed in requirements.txt. Nothing in the install spec indicates extraction of arbitrary archives or fetching code from untrusted hosts.

⚠ Credentials

The skill legitimately needs a SkillPay API key to create and check charges. However main.py contains a hardcoded SKILLPAY_API_KEY default token embedded in source code. Shipping a working default key is a sensitive design choice: it can route payments to the embedded key's owner (or leak a secret). The required-env listing in skill.yaml (SKILLPAY_API_KEY required) conflicts with the registry summary that claimed none — another coherence issue.

✓ Persistence & Privilege

The skill is not configured as 'always: true' and does not request elevated persistence. It needs network permission (reasonable for its purpose) but does not modify other skills or system-wide settings.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install poly-hunter-stable
After installation, invoke the skill by name or use /poly-hunter-stable
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.4.0

PolyHunter 1.4.0: Whalewatch skill for Polymarket - Provides real-time monitoring of large fund movements on the Polymarket blockchain. - Analyzes whales’ position changes and win rate distribution automatically. - Integrates SkillPay with a 0.01U payment threshold for access. - Runs on FastAPI, supports concurrent API calls, and handles crypto payment callbacks automatically. - Driven by 星爷选股’s logic to deliver precise insights for Web3 investors.

Metadata

Slug poly-hunter-stable

Version 1.4.0

License —

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is 庄家异动探测器?

实时监控 Polymarket 大额资金异动，分析庄家持仓与胜率，支持 SkillPay 0.01U 支付保障情报价值。 It is an AI Agent Skill for Claude Code / OpenClaw, with 346 downloads so far.

How do I install 庄家异动探测器?

Run "/install poly-hunter-stable" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 庄家异动探测器 free?

Yes, 庄家异动探测器 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does 庄家异动探测器 support?

庄家异动探测器 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 庄家异动探测器?

It is built and maintained by xqw1377-prog (@xqw1377-prog); the current version is v1.4.0.

More Skills