← Back to Skills Marketplace
ruokkkkk

venue-polling

by ruok Lee · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
78
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install venue-polling
Description
Use this skill when the user wants to poll gym venue availability, inspect or modify the `venue_polling.py` order-signing flow, or run the bundled signature...
Usage Guidance
This skill appears to do what it says (poll venue availability and help debug signing), but it reads a local rsa_private_key.pem and contains a hardcoded API token — neither of which are declared in the metadata. Before running it: (1) review the code yourself or have someone you trust review it; (2) do not place your real private key or production tokens in the working directory unless you trust the code and the remote endpoint; (3) remove or replace the hardcoded TOKEN and prefer an environment variable if you must supply credentials; (4) run signature-replay and verification helpers offline first (they won't contact the network) before enabling AUTO_BOOK; (5) run the scripts in an isolated environment (container/VM) and monitor outbound network traffic; and (6) be aware running venue_polling.py with AUTO_BOOK=True will attempt to create real orders on the external service, which could have financial or account consequences.
Capability Analysis
Type: OpenClaw Skill Name: venue-polling Version: 1.0.0 The skill bundle is a specialized toolset for automating and debugging gym venue bookings on the 'shop.chuanshatiyuchang.cn' platform. It contains scripts for polling availability (`venue_polling.py`), verifying RSA signatures (`public_key_verify_test.py`), and replaying requests (`signature_replay_test.py`). While the code performs automated network requests and requires a local RSA private key, its behavior is transparent, well-documented, and strictly aligned with the stated purpose of gym booking automation without any indicators of data exfiltration, system persistence, or malicious intent.
Capability Tags
cryptorequires-walletrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name/description match the included scripts: venue_polling.py (polling + auto-booking), signature_replay_test.py and public_key_verify_test.py (offline signature debugging). The skill talks to a real external endpoint (shop.chuanshatiyuchang.cn) and includes captured requests and analysis notes — all consistent with a reverse-engineering / booking helper. However, the code embeds a hardcoded token constant (TOKEN = "0cd5cb6b21fc410dbd81bc3e6a066614") and expects a local rsa_private_key.pem file (not declared as a required credential). The presence of an embedded token and an expectation to place a private key in the working directory are not declared in the skill metadata and are disproportionate to an instruction-only skill that lists no required credentials.
Instruction Scope
SKILL.md stays on-topic: it directs the agent to read and modify the provided scripts and to use the captured references for context. It explicitly notes the scripts expect rsa_private_key.pem. It does not instruct reading unrelated system files. One caveat: the instructions encourage modifying and running bundled scripts, which — coupled with the included code — will cause outbound network requests and possibly create live orders. The agent should not run the auto-booking behavior without explicit user consent.
Install Mechanism
There is no install spec (instruction-only), so nothing is written to disk by an installer. However, the shipped Python scripts require third-party libraries (requests, cryptography) that are not declared in metadata. Running the scripts will execute code on the host and perform network I/O; users should ensure dependencies are installed from trusted sources and run in an isolated environment if needed.
Credentials
The skill metadata declares no required environment variables or credentials, but the code contains an embedded 'token-user' value and reads rsa_private_key.pem from the working directory. These are sensitive: the token is effectively a credential for the external API and the private key can sign requests. The skill thus expects or uses credentials without declaring them, which is a disproportionate and unexpected privilege request and increases risk of unintended transactions or secret exposure.
Persistence & Privilege
The skill is not marked 'always' and is user-invocable. It allows autonomous model invocation (the platform default), which by itself is normal. Combined with the credential/secret handling and the ability to send signed createOrder requests, autonomous runs could perform actions (e.g., place orders) if the private key or token are accessible — so run with caution and avoid granting it access to live secrets without review.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install venue-polling
  3. After installation, invoke the skill by name or use /venue-polling
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of venue-polling skill. - Provides tools for polling gym venue availability and managing order-signing for mini-program booking APIs. - Includes scripts for venue polling, signature debugging, signature replay, and public key verification. - Offers references and guidance for modifying polling and signing workflows. - Supports investigation and modification of RSA-based request signatures used in booking flows.
Metadata
Slug venue-polling
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is venue-polling?

Use this skill when the user wants to poll gym venue availability, inspect or modify the `venue_polling.py` order-signing flow, or run the bundled signature... It is an AI Agent Skill for Claude Code / OpenClaw, with 78 downloads so far.

How do I install venue-polling?

Run "/install venue-polling" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is venue-polling free?

Yes, venue-polling is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does venue-polling support?

venue-polling is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created venue-polling?

It is built and maintained by ruok Lee (@ruokkkkk); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments