← Back to Skills Marketplace

Opinion Skill

Name: Opinion Skill
Author: yuandiaodiaodiao

by a · GitHub ↗ · v0.1.1

cross-platform ⚠ suspicious

454

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install opinion-skill

Description

基于 bun 运行时的 Opinion 预测市场工具集，支持市场查询、订单簿查看及基于多签钱包的链上交易操作。

Usage Guidance

What to consider before installing: - The code implements exactly the described market queries and trading operations, but the registry metadata omitted important runtime requirements: you will need bun and (for trading) PRIVATE_KEY, MULTI_SIG_ADDRESS, and API_KEY. Treat these as highly sensitive. - Do not put your main wallet private key into .env on a system you do not fully trust. If you want to test, create a dedicated low‑value wallet/safe with limited funds and use that instead. - The scripts call two different external APIs: https://openapi.opinion.trade and http://newopinion.predictscanapi.xyz:10001. The latter is an HTTP (not HTTPS) host and is not obviously the official domain — this could expose query data (addresses, asset IDs) in transit and to the remote operator. Verify and prefer official HTTPS endpoints before sending sensitive queries. - The SKILL.md recommends installing bun via a remote installer (curl | bash). Prefer to install known runtime packages from trusted sources or use an isolated environment (container/VM) when running these scripts. - Because package.json lists dependencies, run 'bun install' only after you review package.json and the GitHub repo. Consider auditing @opinion-labs/opinion-clob-sdk version and the repo contents locally before providing any credentials. - Operational advice: run the code in an isolated environment (container or throwaway VM), inspect/verify the GitHub repo yourself, and use a test wallet. If you plan to allow autonomous agent actions, disable autonomous invocation or withhold PRIVATE_KEY until you are confident in the code and endpoints. If you want, I can: (1) list the exact locations in the code that read/write env vars and make external network calls, (2) fetch and show the GitHub repo README and commit history to help with provenance, or (3) suggest steps to run the scripts safely in a container and create a limited test wallet.

Capability Analysis

Type: OpenClaw Skill Name: opinion-skill Version: 0.1.1 The skill is classified as suspicious primarily due to the `SKILL.md` instructions for installing `bun`. It uses `curl -fsSL https://bun.sh/install | bash`, which is a high-risk supply chain vulnerability as it executes arbitrary remote code without prior inspection. While the core functionality of the skill (trading on a prediction market) appears legitimate and all network calls are directed to expected endpoints (`http://newopinion.predictscanapi.xyz:10001`, `https://openapi.opinion.trade/openapi`), the installation method introduces a significant security risk. The skill also handles sensitive user-provided credentials (`PRIVATE_KEY`, `MULTI_SIG_ADDRESS`, `API_KEY`) for blockchain transactions, which, while necessary for its function, underscores the importance of the initial installation's integrity.

Capability Assessment

⚠ Purpose & Capability

The skill claims an Opinion prediction‑market toolset and the scripts implement market queries and chain trades. However the registry metadata lists no required environment variables or binaries while the code and SKILL.md clearly require the bun runtime and environment variables (PRIVATE_KEY, MULTI_SIG_ADDRESS, API_KEY) for trading. That mismatch between declared requirements and actual needs is incoherent.

⚠ Instruction Scope

SKILL.md and the scripts stay within the described domain (market queries, caching, and trading) and explicitly avoid running trade scripts unless .env is configured. However the scripts make network calls to multiple external endpoints: an HTTPS openapi.opinion.trade host and an HTTP host (http://newopinion.predictscanapi.xyz:10001). Queries include user addresses and asset IDs (e.g., positions queries) which will be sent to those remote services. Using a non‑official/HTTP endpoint increases the risk that sensitive request context or probe activity could be observed or collected by a third party.

⚠ Install Mechanism

There is no formal install spec in the registry; SKILL.md instructs cloning from GitHub and running 'bun install' / using bun. It also suggests installing bun using 'curl https://bun.sh/install | bash' (a remote installer). While bun.sh is a known installer, instructing users to run a remote install script is higher risk than relying on preinstalled tooling. The package.json lists dependencies (@opinion-labs/opinion-clob-sdk, axios) so running bun install is necessary for trading scripts — this is not reflected in the registry metadata.

⚠ Credentials

Trading scripts legitimately require PRIVATE_KEY, MULTI_SIG_ADDRESS and API_KEY, and an RPC URL can be supplied. Those are sensitive secrets. The problem is the registry claims 'none' required; the primary credential is not declared. REQUESTING a user's private key is proportionate to performing on‑chain trades, but you must only provide such secrets to code you trust. Additionally, API requests are sent to a non‑standard HTTP host which could receive metadata about addresses/assetIds you query.

ℹ Persistence & Privilege

The skill is not always:true and does not request system‑wide configuration changes. It does create a cache under /root/opinionskills/scripts/.cache and assumes execution under /root/opinionskills, which implies root paths; that is a minor operational mismatch (it expects write access to /root). The skill can be invoked autonomously by the agent (platform default) — if you allow autonomous invocation and provide PRIVATE_KEY, the agent could perform transactions automatically. Combine that with the other concerns before granting credentials.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install opinion-skill
After installation, invoke the skill by name or use /opinion-skill
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.1

- Added new script: `scripts/trades.ts` for querying trade history by assetId. - Updated documentation in SKILL.md to: - Describe `trades.ts` usage and options. - List `trades` in the quick command reference and environment variable section. - No breaking changes; data-querying functions expanded.

v0.1.0

Initial public release of Opinion CLOB Skills — Bun runtime toolkit for trading on the Opinion prediction market. - Provides command-line scripts for market data queries (search, price, orderbook, markets, positions) that require no configuration. - Supports full trading operations (buy, sell, cancel, balances, enable-trading) when environment variables and dependencies are set up. - Detailed step-by-step instructions included for environment setup, API access, and typical trading workflows. - Clarifies environment variable requirements, script capabilities, error handling, and command usage. - Supports both data queries and CLOB trading on BSC using Gnosis Safe wallets.

Metadata

Slug opinion-skill

Version 0.1.1

License —

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Opinion Skill?

基于 bun 运行时的 Opinion 预测市场工具集，支持市场查询、订单簿查看及基于多签钱包的链上交易操作。 It is an AI Agent Skill for Claude Code / OpenClaw, with 454 downloads so far.

How do I install Opinion Skill?

Run "/install opinion-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Opinion Skill free?

Yes, Opinion Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Opinion Skill support?

Opinion Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Opinion Skill?

It is built and maintained by a (@yuandiaodiaodiao); the current version is v0.1.1.

More Skills