← Back to Skills Marketplace
Optionns
by
gigabit-eth
· GitHub ↗
· v1.0.24
1083
Downloads
4
Stars
3
Active Installs
25
Versions
Install in OpenClaw
/install sports
Description
Autonomously monitor live sports games and execute micro-bets on one-touch barrier options with instant mockUSDC settlement on Solana Devnet.
Usage Guidance
This skill appears coherent for autonomous devnet betting, but take these precautions before installing or running it:
- Use throwaway/devnet-only keypairs; never point SOLANA_RPC_URL or keys to mainnet or reuse real wallets.
- Review the included scripts (especially scripts/signer.py and scripts/optionns.sh) yourself — they perform local signing and will write private key material to ~/.config/optionns/ by default.
- Verify the remote API hostname (https://api.optionns.com) independently (DNS, repo, website, or vendor identity). The skill will transmit your wallet address and receive API keys from that endpoint during registration.
- Run the skill in an isolated environment (container/VM with restricted permissions and network egress) if you plan to allow autonomous invocation.
- Consider pinning and reviewing the pip dependencies (solders, httpx) before pip installing; prefer a virtualenv and inspect packages where practical.
- If you need stronger assurance, request a verified source/repository or reproducible build; absence of a trusted upstream (homepage/source unknown) lowers confidence.
If you are uncomfortable verifying the remote endpoint or code, do not provide real credentials and avoid enabling autonomous runs that can register or transact on your behalf.
Capability Analysis
Type: OpenClaw Skill
Name: sports
Version: 1.0.24
The skill is classified as suspicious due to its reliance on a third-party API (https://api.optionns.com) to provide Solana transaction instructions, which are then signed and submitted locally by the agent. While the skill explicitly enforces 'devnet-only' operation via `signer.py` and `strategy.py` to prevent mainnet interaction, a compromised API could still issue malicious instructions for the devnet, potentially leading to loss of mock funds. The `SKILL.md` and `README.md` are transparent about the skill's operations and security model, including warnings against using mainnet wallets, and do not contain any prompt injection attempts. Input sanitization is present in `optionns.sh` for user-provided arguments, mitigating shell injection risks. The local storage of keypairs with `600` permissions is appropriate, and the use of `solders` for structured transaction signing is robust. The primary concern is the trust placed in the external API for transaction logic, which represents a vulnerability if the API is compromised, rather than intentional malice from the skill itself.
Capability Assessment
Purpose & Capability
Name/description (autonomous micro-betting on Solana devnet) match the code and instructions. The skill legitimately needs API access, wallet key material, and the solders/httpx Python libs for signing and HTTP calls; no unrelated credentials or system services are requested.
Instruction Scope
SKILL.md and the CLI/scripts instruct the agent to register, call the Optionns API, request faucet funds, create/store a local keypair at ~/.config/optionns/, and sign/submit transactions locally. These steps are expected for the stated purpose but grant the skill permission to generate and persist a keypair and an API credential and to communicate with the remote API — the README explicitly warns to use devnet-only throwaway keys.
Install Mechanism
No packaged install from third-party URLs; code is included in the skill bundle and Python dependencies are installed via pip from PyPI (requirements.txt lists solders and httpx). Pip installs are typical here but carry the usual supply-chain risk of PyPI packages.
Credentials
No required environment variables; optional vars (OPTIONNS_API_KEY, OPTIONNS_API_URL, SOLANA_RPC_URL, SOLANA_PRIVATE_KEY, SOLANA_PUBKEY/ATA) are proportional to a trading/signing client. The skill persists an API key and keypair locally and will send wallet_address to the remote API on register — behavior needed for operation but worth attention because it transmits identifying/auth data to an unverified endpoint.
Persistence & Privilege
The skill writes config and keypair files under ~/.config/optionns/ (600 perms) and logs positions locally. It does not demand 'always:true' or elevated system privileges; self-registration and autonomous operation are part of the product design but increase blast radius if the remote API or code is malicious.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install sports - After installation, invoke the skill by name or use
/sports - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.24
- Removed the `_meta.json` file.
- No changes to features or code functionality.
v1.0.23
Fix auto mode: optionns.sh now calls strategy.py with positional 'auto' command instead of deprecated --mode flag.
v1.0.22
- Added installation permission note for scripts, helping users resolve "Permission denied" errors by restoring executable permissions or using explicit bash invocation.
- No changes to functionality or dependencies.
- Documentation now includes clearer instructions for running commands if install permissions are not set.
v1.0.21
- Added Devnet RPC URL validation
v1.0.20
- No code changes or feature updates in this release.
- Documentation in SKILL.md has been reformatted with minor corrections, but core content and instructions remain the same.
- Existing security warnings, usage instructions, and troubleshooting tips are unchanged.
v1.0.19
- Removed example trading agent file: examples/trading_agent.py.
- No user-facing features were changed.
- Internal codebase cleanup only; functionality is unchanged.
v1.0.18
- Updated security documentation: user is now solely responsible for ensuring RPC endpoints are set to Solana devnet; the skill will sign transactions for any provided RPC URL (Helius is recommended).
- Clarified security model details for transaction signing and Solana network usage.
- Other documentation edits for accuracy and improved safety guidance; no functional or code changes.
v1.0.17
- Security: Added input validation for league, amount, shares, and sport parameters in deposit, withdraw, and autonomous shell commands.
v1.0.16
- Enhanced the SKILL.md documentation with a new dedicated "Security Model" section.
- Clarified self-custody model: transactions are always signed client-side, keypairs never leave local storage, and mainnet transactions are explicitly refused by the signer.
- Expanded security warnings and usage restrictions around devnet vs. mainnet to help prevent accidental misuse of mainnet wallets or real funds.
- Reorganized and improved documentation for improved clarity, especially around file storage and transaction signing guarantees.
- No code changes; documentation and security explanation updates only.
v1.0.15
- Added a new section recommending Helius RPC for reliable Solana Devnet transactions, including setup instructions for obtaining a free API key.
- Clarified troubleshooting guidance about blockhash staleness and the need for a dedicated Solana RPC.
- Updated terminology from "cmUSDC" to "optnUSDC" where relevant in setup instructions.
- No code or file changes; documentation improvements only.
v1.0.14
- Improved trading functionality
- Removed the `scripts/moltbook_poster.py`.
v1.0.13
- VT & OC Scanner fixes
- No user-facing changes in this version.
v1.0.12
- Added official homepage link to documentation header.
- No code or functional changes. Documentation update only.
v1.0.11
- Dynamic sports detection.
- Snart intelligence added to moltbook_poster.py to prevent unnecessary account suspension.
v1.0.10
- Fixing VT & OC vulnerability scans
v1.0.9
- No user-facing changes in this release.
v1.0.8
- Security fixes
- Documentation added for clearer instructions between new & returning user setup.
v1.0.7
- Bug fix on line 553 in the scripts/optionns.sh
v1.0.6
v1.0.6
- Removed legacy path from signer.py
- `stdin` is now the only secure standard instruction path
v1.0.5
-v1.0.5: Vulnerability Fixes
- Added new dependencies on `solana-keygen` (≥1.14) and `spl-token` (≥3.0) system binaries for keypair and token account management.
- Updated requirements table to document `solana-keygen` for wallet creation during registration.
- Updated requirements table to include `spl-token` for token account creation (ATA).
- No changes to functionality or user workflow.
Metadata
Frequently Asked Questions
What is Optionns?
Autonomously monitor live sports games and execute micro-bets on one-touch barrier options with instant mockUSDC settlement on Solana Devnet. It is an AI Agent Skill for Claude Code / OpenClaw, with 1083 downloads so far.
How do I install Optionns?
Run "/install sports" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Optionns free?
Yes, Optionns is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Optionns support?
Optionns is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Optionns?
It is built and maintained by gigabit-eth (@gigabit-eth); the current version is v1.0.24.
More Skills