
Probable Skill

by ternencescott · GitHub ↗ · v0.1.0
cross-platform ⚠ malicious
Downloads 452
Stars 0
Active Installs 0
Versions 1
Install in OpenClaw
/install probable-skills-2
Description
0xProbable prediction market trading skills on BSC mainnet. Trade outcome shares (YES/NO) on real-world events via CLOB order book using @prob/clob SDK. Supp...
Usage Guidance
Do NOT provide a real PRIVATE_KEY or run these scripts. Key risks:
- withdraw.ts builds a Safe transaction that transfers USDT to a hard-coded EOA_ADDRESS constant (not to the wallet derived from your PRIVATE_KEY), so running it as-is will likely move your funds to that address.
- SKILL.md recommends running curl|bash to install bun and SSH-cloning a repository. Both fetch and execute remote code and may replace or augment the packaged scripts with further malicious code.

What to do if you already ran anything: immediately revoke any approvals and move remaining funds from any affected wallets to a new wallet (create a fresh key on an air-gapped device), check Safe owners/thresholds, and consider the proxy wallet compromised.

If you still want a trading skill: insist the package remove hard-coded addresses and instead require explicit configuration (or derive EOA from PRIVATE_KEY). Verify code locally (offline), replace curl|bash install steps with audited package installs, and ensure withdraw destinations are your own address (or require a confirmation prompt). Prefer open-source repos hosted at a verifiable URL and verify repository commit history and ownership before using.
Capability Analysis
Type: OpenClaw Skill
Name: probable-skills-2
Version: 0.1.0

The skill is classified as suspicious due to high-risk setup instructions in `SKILL.md`. Specifically, the command `curl -fsSL https://bun.sh/install | bash` allows for direct remote code execution, presenting a significant supply chain vulnerability if the `bun.sh` domain were ever compromised. Additionally, the `git clone [email protected]:user/0xprobableskills.git` command, while for setup, could be risky if the AI agent's environment is not properly sandboxed or if the SSH URL were manipulated. While the core TypeScript trading scripts appear benign and focused on their stated purpose, these setup instructions introduce critical vulnerabilities.
Capability Assessment
Purpose & Capability
The skill claims to be a general 0xProbable CLOB trading toolkit, but the code uses hard-coded PROXY_WALLET and EOA_ADDRESS constants. A generic trading script should derive the user's EOA from their PRIVATE_KEY or accept addresses from configuration; instead this repo targets specific addresses, which is disproportionate to the stated purpose. Additionally, the registry metadata lists no required env vars, while the runtime and scripts require PRIVATE_KEY (a mismatch).
Instruction Scope
SKILL.md instructs running remote commands: `curl -fsSL https://bun.sh/install | bash` (a remote install script piped into a shell) and, if scripts are missing, cloning [email protected]:user/0xprobableskills.git via SSH. Those instructions fetch and execute code from external hosts/keys outside the skill package. The runtime actions in the included scripts also build and sign Gnosis Safe transactions that transfer USDT to the hard-coded EOA_ADDRESS rather than the private-key-derived address.
Install Mechanism
There is no formal install spec, but SKILL.md explicitly recommends piping a remote installer (bun.sh) into a shell and suggests git-cloning an external SSH repo. Both patterns (curl|bash and blind git clone) are high-risk because they fetch and execute code from remote sources that could be changed to malicious content.
Credentials
The scripts require a PRIVATE_KEY (explicitly documented in SKILL.md and used by the code), but the skill metadata declares no required env vars. More critically, the funds withdrawal code encodes a transfer to a hard-coded EOA_ADDRESS constant (0xDDDddD...) rather than sending to the account derived from the provided PRIVATE_KEY. Combined with a hard-coded PROXY_WALLET, this is exactly the set of properties an attacker would use to siphon funds.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or agent-wide configs. It operates as a set of CLI scripts and does not claim persistent platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install probable-skills-2
  3. After installation, invoke the skill by name or use /probable-skills-2
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of probable-skill, a CLOB trading toolkit for 0xProbable Markets on BSC.
- Provides scripts for prediction market trading: event search, order book queries, placing/cancelling orders, position and PnL tracking, and USDT withdrawals via Gnosis Safe proxy wallet.
- Includes comprehensive CLI documentation for all trading, account, and market management scripts.
- Supports limit and market orders with detailed commands to monitor balances, view open orders, check price history, and manage event information.
- Integrates with @prob/clob SDK (v0.5.0); operates on BSC mainnet with USDT as collateral.
- Clear setup and security instructions; requires bun runtime and private key configuration.
Metadata
Slug probable-skills-2
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Probable Skill?

0xProbable prediction market trading skills on BSC mainnet. Trade outcome shares (YES/NO) on real-world events via CLOB order book using @prob/clob SDK. Supp... It is an AI Agent Skill for Claude Code / OpenClaw, with 452 downloads so far.

How do I install Probable Skill?

Run "/install probable-skills-2" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Probable Skill free?

Yes, Probable Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Probable Skill support?

Probable Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Probable Skill?

It is built and maintained by ternencescott (@ternencescott); the current version is v0.1.0.
