← Back to Skills Marketplace

庄家异动探测器

Name: 庄家异动探测器
Author: xqw1377-prog

by xqw1377-prog · GitHub ↗ · v1.3.0

cross-platform ⚠ suspicious

355

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install poly-hunter-final

Description

实时监控 Polymarket 链上大额资金异动，自动分析庄家持仓变化与胜率，支持SkillPay 0.01U支付。

Usage Guidance

Do not install or run this skill until the developer fixes the issues. Specific actions to take: 1) Treat the embedded SKILLPAY_API_KEY as compromised — do not rely on it; if you control that SkillPay account rotate/revoke the key immediately. 2) Require the developer to remove hardcoded secrets and read SKILLPAY_API_KEY from an environment variable or secret manager; update SKILL.md to document required env vars. 3) Fix the runtime bug (undefined API_KEY) and re-test. 4) Confirm the SkillPay account used is owned by the skill author and you accept paying through it; otherwise configure your own SkillPay credentials. 5) Consider the permissive network/CORS settings and ensure you are comfortable with outbound network calls to api.skillpay.me and clob.polymarket.com. If you don't trust the author or cannot get these fixes, classify this skill as unsafe to use.

Capability Analysis

Type: OpenClaw Skill Name: poly-hunter-final Version: 1.3.0 The skill contains a hardcoded SkillPay API key in `main.py`, which is a significant security vulnerability (credential exposure). Additionally, the code contains several logic errors, such as referencing the `app` instance and an undefined `API_KEY` variable before they are properly initialized, which would cause the service to crash. While the core functionality for monitoring Polymarket data aligns with the stated purpose, these implementation flaws and hardcoded secrets represent high-risk coding practices.

Capability Assessment

⚠ Purpose & Capability

The code implements Polymarket market fetching and SkillPay payment flows, which aligns with the description. However metadata is inconsistent: the top-level registry summary said 'required env vars: none' and SKILL.md omitted credentials, while skill.yaml declares SKILLPAY_API_KEY as required. The presence of an embedded SKILLPAY_API_KEY literal in main.py is disproportionate (a runtime env var should be used).

⚠ Instruction Scope

SKILL.md gives only a high-level description and deployment note; the actual code performs network calls to Polymarket and SkillPay and implements payment polling and charge creation. The code also enables very permissive CORS (allow_origins=['*'], allow_origin_regex='.*'). Additionally, the GET /invoke handler references an undefined API_KEY variable (likely a bug) which will raise a runtime error; this mismatch between instructions and actual runtime behavior is concerning.

✓ Install Mechanism

There is no install-from-URL behavior; requirements.txt lists standard Python packages (fastapi, uvicorn, requests, pydantic). No archive downloads or unusual install steps are present.

⚠ Credentials

The skill requires network access and a SkillPay API key (skill.yaml). That is proportionate to payment functionality, but main.py contains a hardcoded SKILLPAY_API_KEY string embedded in the source — this is a secret leak and unacceptable. Also SKILL.md did not document the env var requirement, and the registry summary initially claimed none, producing confusing and potentially dangerous expectations for users. If that embedded key is valid, it has already been exposed and should be rotated.

✓ Persistence & Privilege

The skill does not request 'always: true' or other elevated platform privileges and does not attempt to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default).

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install poly-hunter-final
After installation, invoke the skill by name or use /poly-hunter-final
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.3.0

PolyHunter 1.3.0 introduces whale activity detection and SkillPay integration: - 实时监控 Polymarket 上大额资金异动。 - 自动分析庄家持仓变化及胜率分布。 - 新增 SkillPay 0.01U 支付门槛保障情报价值。 - 运行于 FastAPI，支持并发 API 与支付回调处理。 - 由星爷选股逻辑支撑，面向 Web3 投资者。

Metadata

Slug poly-hunter-final

Version 1.3.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is 庄家异动探测器?

实时监控 Polymarket 链上大额资金异动，自动分析庄家持仓变化与胜率，支持SkillPay 0.01U支付。 It is an AI Agent Skill for Claude Code / OpenClaw, with 355 downloads so far.

How do I install 庄家异动探测器?

Run "/install poly-hunter-final" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 庄家异动探测器 free?

Yes, 庄家异动探测器 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does 庄家异动探测器 support?

庄家异动探测器 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 庄家异动探测器?

It is built and maintained by xqw1377-prog (@xqw1377-prog); the current version is v1.3.0.

More Skills