← Back to Skills Marketplace

庄家异动探测器

Name: 庄家异动探测器
Author: xqw1377-prog

by xqw1377-prog · GitHub ↗ · v1.1.0

cross-platform ⚠ suspicious

374

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install poly-hunter

Description

实时监控 Polymarket 庄家大额资金异动，自动分析持仓和胜率，支持 SkillPay 0.01U 加密支付。

Usage Guidance

Do NOT install or enable this skill until the developer addresses the hardcoded API key and provenance concerns. Specific actions to request or take before installing: 1) Ask the publisher for a public source repo and proof of ownership of the SkillPay account; 2) Require removal of the hardcoded SKILLPAY_API_KEY from main.py and that the code read the API key from an environment variable or secret store; 3) Have the developer rotate/revoke the exposed API key immediately (assume it may be compromised); 4) Verify billing behavior in a safe test environment — who receives the 0.01 USDT payments and whether that is intended; 5) If you must test, run the skill in an isolated sandbox or VM and monitor network traffic, and do not provide any of your own credentials or wallets. The unknown source and embedded secret are concrete red flags; treat this package as untrusted until resolved.

Capability Analysis

Type: OpenClaw Skill Name: poly-hunter Version: 1.1.0 The skill contains a hardcoded secret API key (sk_...) in main.py, which is a significant security vulnerability and overrides the environment variable configuration defined in skill.yaml. Additionally, the /invoke endpoint implements a synchronous polling loop with time.sleep(), which could lead to resource exhaustion or execution timeouts for the OpenClaw agent. The skill interacts with api.skillpay.me and clob.polymarket.com.

Capability Assessment

⚠ Purpose & Capability

The code behavior (fetch Polymarket endpoints; create and poll SkillPay charges) matches the stated purpose. However metadata inconsistencies exist: registry metadata reported no required env vars while skill.yaml declares SKILLPAY_API_KEY required, yet main.py ignores the env var and embeds a literal SKILLPAY_API_KEY. Embedding a payment service secret in the code does not align with normal, least-privilege design for this purpose.

ℹ Instruction Scope

SKILL.md describes running a FastAPI service and handling payments which is consistent with main.py. The runtime does network calls to Polymarket and SkillPay only and runs an /invoke endpoint, and it does not read unrelated system files. The doc does not warn about the embedded API key or the service exposing a public HTTP endpoint with permissive CORS.

✓ Install Mechanism

No download-from-URL or arbitrary install steps; dependencies are standard Python packages listed in requirements.txt. The skill will run a FastAPI server (uvicorn) — there is no unusual install mechanism, but the repository is the source of truth and contains the hardcoded secret.

⚠ Credentials

skill.yaml declares SKILLPAY_API_KEY as a required env variable (which is reasonable for payment integration), but main.py does not read SKILLPAY_API_KEY from the environment and instead hardcodes a long 'sk_...' secret. That embedded API key is sensitive and disproportionate for a publicly distributed skill; it's unclear who controls the key and which account will receive payments. No other unrelated credentials are requested.

✓ Persistence & Privilege

The skill does not request always: true, does not modify other skills, and only needs network permission (declared in skill.yaml). It will run an HTTP endpoint which is expected for this functionality.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install poly-hunter
After installation, invoke the skill by name or use /poly-hunter
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.0

No user-facing changes in this version. - Version update with no modifications to features or documentation.

v1.0.1

Initial release of PolyHunter. - Real-time monitoring of large fund movements on Polymarket. - Automated analysis of whale positions and win rates. - SkillPay 0.01U payment integration to access insights. - Runs on FastAPI with concurrent API support and crypto payment callback handling.

v1.0.0

PolyHunter v1.0.0 – Initial Release - Monitors large fund movements on Polymarket in real-time. - Automatically analyzes whale positions and win rate distributions. - Integrates a SkillPay payment gateway with a 0.01U minimum fee. - Runs on FastAPI, supporting concurrent API calls and automated crypto payment callbacks. - Built to provide accurate market insights for Web3 investors.

Metadata

Slug poly-hunter

Version 1.1.0

License —

All-time Installs 0

Active Installs 0

Total Versions 3

Frequently Asked Questions

What is 庄家异动探测器?

实时监控 Polymarket 庄家大额资金异动，自动分析持仓和胜率，支持 SkillPay 0.01U 加密支付。 It is an AI Agent Skill for Claude Code / OpenClaw, with 374 downloads so far.

How do I install 庄家异动探测器?

Run "/install poly-hunter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 庄家异动探测器 free?

Yes, 庄家异动探测器 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does 庄家异动探测器 support?

庄家异动探测器 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 庄家异动探测器?

It is built and maintained by xqw1377-prog (@xqw1377-prog); the current version is v1.1.0.

More Skills