← Back to Skills Marketplace
Openclaw Bot Prob Trade
by
vlprosvirkin
· GitHub ↗
· v1.0.1
764
Downloads
1
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install openclaw-bot-prob-trade
Description
Autonomous trading bot for Polymarket via prob.trade. Run strategies, manage risk, scan markets. Requires the probtrade skill for API access.
Usage Guidance
This repo appears to be a legitimate autonomous trading bot that relies on the separate probtrade skill for API access. Before installing or running it: 1) Keep dry_run enabled and test with python3 scripts/bot.py scan and status to verify behavior. 2) Review and trust the probtrade skill implementation you install — the bot imports its api_client directly, so a malicious or trojaned probtrade skill would be executed. 3) Provide API keys only to the probtrade skill (not to unknown third parties) and secure them (use Docker or a separate service account, limit permissions, chmod 600 on .env). 4) If deploying to a server, prefer container/sandbox isolation (Docker, dedicated user) and monitor network traffic and logs. 5) Expect financial risk: the bot can place real orders when dry_run is disabled. 6) If you plan to use strategies that need LLM / NOAA / social API keys, add those credentials sparingly and review the specific strategy code. If you want additional assurance, request a review of the probtrade skill's api_client and the omitted code files for any unexpected network endpoints or secrets exfiltration.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-bot-prob-trade
Version: 1.0.1
The skill is designed for autonomous trading and uses external APIs for its functionality. It exhibits a significant vulnerability in `lib/engine.py` (and other strategy files like `lib/strategies/logic_arb.py`, `lib/strategies/weather_arb.py`, `lib/strategies/whale_tracking.py`) where it constructs `sys.path` using the `PROBTRADE_SKILL_PATH` environment variable. An attacker controlling this variable could inject a malicious `api_client.py` module, leading to arbitrary code execution. Additionally, the dynamic loading of strategy modules from `lib/strategies/__init__.py` presents a local file system vulnerability if an attacker can write files to that directory. While these are serious flaws that could enable attacks, there is no direct evidence of intentional malicious behavior such as data exfiltration or unauthorized remote control within the provided code. The external network calls are to legitimate trading and LLM APIs, and API keys are used as intended for authentication.
Capability Assessment
Purpose & Capability
Name and description (autonomous trading via prob.trade) match the code, docs, and declared requirements. The skill asks only for python3 and delegates API access to the probtrade skill, which is coherent for this purpose.
Instruction Scope
SKILL.md and README instruct the agent to run Python scripts, edit config.yaml, and install/configure the probtrade skill for API credentials. The engine inserts a path to a probtrade skill and imports api_client.fetch/trading_request — this is expected, but it means the bot will execute whatever the probtrade skill's api_client provides. The SKILL.md exposes optional env overrides (PROBTRADE_SKILL_PATH, DRY_RUN, LLM keys) — those are reasonable, but the default path insertion (../../openclaw-skill/lib) is worth noting as a supply-chain vector: if that path contains malicious code, it will be imported.
Install Mechanism
Only install step is a brew formula for python@3 to provide python3. Installing Python via a package manager is proportionate to a Python-based bot. (Note: brew on Linux requires Linuxbrew; the install instruction targets macOS/Linux which is reasonable but may need adjustment on some distros.)
Credentials
The skill itself does not declare required credentials; it correctly delegates API keys to the probtrade skill. Several strategies optionally require external API keys (LLM provider keys, NOAA token, social API keys) — these are documented and optional per-strategy. This is proportionate, but users must supply sensitive keys (prob.trade API key/secret, any LLM keys) for live trading; the skill will act using whatever keys are present via the probtrade skill or env vars.
Persistence & Privilege
always:false and normal model invocation settings. The skill does not request permanent platform-wide privileges or modify other skills' configs. Its install writes only the Python binary via brew (standard) and the repository contents; no elevated or stealthy persistence is requested by this skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-bot-prob-trade - After installation, invoke the skill by name or use
/openclaw-bot-prob-trade - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Major update: Initial release of the autonomous Polymarket trading bot.
- Added standalone trading bot with market scanning, risk management, and strategy modules.
- Supports dry-run mode, balance/status checks, and strategy listing.
- Pluggable strategies included for momentum and pair arbitrage.
- New config system (`config.yaml`) for customizing strategies and risk limits.
- All bot actions and outputs are agent/AI-friendly (JSON/formatted text).
- Requires and integrates with the existing `probtrade` skill for API access.
v2.0.3
Major update: bot automation features removed, now focused on Polymarket analytics and trading utilities.
- Removed autonomous trading bot logic, strategies, and all bot-related scripts and libraries.
- Added new scripts for direct interaction with the prob.trade API (analytics, market data, and trading).
- Documentation updated to reflect new command-line tools and API key usage.
- Simplified configuration—now requires only prob.trade API credentials.
- Outputs structured JSON for all analytics and trading commands.
v1.0.0
- Initial release of probtrade-bot (version 1.0.0): an autonomous trading bot for Polymarket utilising the probtrade skill.
- Supports running pluggable trading strategies, market scanning, and risk management with customizable limits.
- Includes built-in strategies: momentum and pair arbitrage.
- Offers commands for running the bot, scanning markets, checking bot status, and listing available strategies.
- Provides clear setup instructions, environment variable overrides, and support for custom strategies.
- Requires the probtrade skill and Python 3.
Metadata
Frequently Asked Questions
What is Openclaw Bot Prob Trade?
Autonomous trading bot for Polymarket via prob.trade. Run strategies, manage risk, scan markets. Requires the probtrade skill for API access. It is an AI Agent Skill for Claude Code / OpenClaw, with 764 downloads so far.
How do I install Openclaw Bot Prob Trade?
Run "/install openclaw-bot-prob-trade" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw Bot Prob Trade free?
Yes, Openclaw Bot Prob Trade is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Openclaw Bot Prob Trade support?
Openclaw Bot Prob Trade is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Openclaw Bot Prob Trade?
It is built and maintained by vlprosvirkin (@vlprosvirkin); the current version is v1.0.1.
More Skills