← 返回 Skills 市场
Openclaw Bot Prob Trade
作者
vlprosvirkin
· GitHub ↗
· v1.0.1
764
总下载
1
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install openclaw-bot-prob-trade
功能描述
Autonomous trading bot for Polymarket via prob.trade. Run strategies, manage risk, scan markets. Requires the probtrade skill for API access.
安全使用建议
This repo appears to be a legitimate autonomous trading bot that relies on the separate probtrade skill for API access. Before installing or running it: 1) Keep dry_run enabled and test with python3 scripts/bot.py scan and status to verify behavior. 2) Review and trust the probtrade skill implementation you install — the bot imports its api_client directly, so a malicious or trojaned probtrade skill would be executed. 3) Provide API keys only to the probtrade skill (not to unknown third parties) and secure them (use Docker or a separate service account, limit permissions, chmod 600 on .env). 4) If deploying to a server, prefer container/sandbox isolation (Docker, dedicated user) and monitor network traffic and logs. 5) Expect financial risk: the bot can place real orders when dry_run is disabled. 6) If you plan to use strategies that need LLM / NOAA / social API keys, add those credentials sparingly and review the specific strategy code. If you want additional assurance, request a review of the probtrade skill's api_client and the omitted code files for any unexpected network endpoints or secrets exfiltration.
功能分析
Type: OpenClaw Skill
Name: openclaw-bot-prob-trade
Version: 1.0.1
The skill is designed for autonomous trading and uses external APIs for its functionality. It exhibits a significant vulnerability in `lib/engine.py` (and other strategy files like `lib/strategies/logic_arb.py`, `lib/strategies/weather_arb.py`, `lib/strategies/whale_tracking.py`) where it constructs `sys.path` using the `PROBTRADE_SKILL_PATH` environment variable. An attacker controlling this variable could inject a malicious `api_client.py` module, leading to arbitrary code execution. Additionally, the dynamic loading of strategy modules from `lib/strategies/__init__.py` presents a local file system vulnerability if an attacker can write files to that directory. While these are serious flaws that could enable attacks, there is no direct evidence of intentional malicious behavior such as data exfiltration or unauthorized remote control within the provided code. The external network calls are to legitimate trading and LLM APIs, and API keys are used as intended for authentication.
能力评估
Purpose & Capability
Name and description (autonomous trading via prob.trade) match the code, docs, and declared requirements. The skill asks only for python3 and delegates API access to the probtrade skill, which is coherent for this purpose.
Instruction Scope
SKILL.md and README instruct the agent to run Python scripts, edit config.yaml, and install/configure the probtrade skill for API credentials. The engine inserts a path to a probtrade skill and imports api_client.fetch/trading_request — this is expected, but it means the bot will execute whatever the probtrade skill's api_client provides. The SKILL.md exposes optional env overrides (PROBTRADE_SKILL_PATH, DRY_RUN, LLM keys) — those are reasonable, but the default path insertion (../../openclaw-skill/lib) is worth noting as a supply-chain vector: if that path contains malicious code, it will be imported.
Install Mechanism
Only install step is a brew formula for python@3 to provide python3. Installing Python via a package manager is proportionate to a Python-based bot. (Note: brew on Linux requires Linuxbrew; the install instruction targets macOS/Linux which is reasonable but may need adjustment on some distros.)
Credentials
The skill itself does not declare required credentials; it correctly delegates API keys to the probtrade skill. Several strategies optionally require external API keys (LLM provider keys, NOAA token, social API keys) — these are documented and optional per-strategy. This is proportionate, but users must supply sensitive keys (prob.trade API key/secret, any LLM keys) for live trading; the skill will act using whatever keys are present via the probtrade skill or env vars.
Persistence & Privilege
always:false and normal model invocation settings. The skill does not request permanent platform-wide privileges or modify other skills' configs. Its install writes only the Python binary via brew (standard) and the repository contents; no elevated or stealthy persistence is requested by this skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-bot-prob-trade - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-bot-prob-trade触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Major update: Initial release of the autonomous Polymarket trading bot.
- Added standalone trading bot with market scanning, risk management, and strategy modules.
- Supports dry-run mode, balance/status checks, and strategy listing.
- Pluggable strategies included for momentum and pair arbitrage.
- New config system (`config.yaml`) for customizing strategies and risk limits.
- All bot actions and outputs are agent/AI-friendly (JSON/formatted text).
- Requires and integrates with the existing `probtrade` skill for API access.
v2.0.3
Major update: bot automation features removed, now focused on Polymarket analytics and trading utilities.
- Removed autonomous trading bot logic, strategies, and all bot-related scripts and libraries.
- Added new scripts for direct interaction with the prob.trade API (analytics, market data, and trading).
- Documentation updated to reflect new command-line tools and API key usage.
- Simplified configuration—now requires only prob.trade API credentials.
- Outputs structured JSON for all analytics and trading commands.
v1.0.0
- Initial release of probtrade-bot (version 1.0.0): an autonomous trading bot for Polymarket utilising the probtrade skill.
- Supports running pluggable trading strategies, market scanning, and risk management with customizable limits.
- Includes built-in strategies: momentum and pair arbitrage.
- Offers commands for running the bot, scanning markets, checking bot status, and listing available strategies.
- Provides clear setup instructions, environment variable overrides, and support for custom strategies.
- Requires the probtrade skill and Python 3.
元数据
常见问题
Openclaw Bot Prob Trade 是什么?
Autonomous trading bot for Polymarket via prob.trade. Run strategies, manage risk, scan markets. Requires the probtrade skill for API access. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 764 次。
如何安装 Openclaw Bot Prob Trade?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-bot-prob-trade」即可一键安装,无需额外配置。
Openclaw Bot Prob Trade 是免费的吗?
是的,Openclaw Bot Prob Trade 完全免费(开源免费),可自由下载、安装和使用。
Openclaw Bot Prob Trade 支持哪些平台?
Openclaw Bot Prob Trade 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openclaw Bot Prob Trade?
由 vlprosvirkin(@vlprosvirkin)开发并维护,当前版本 v1.0.1。
推荐 Skills