← 返回 Skills 市场
xqw1377-prog

庄家异动探测器

作者 xqw1377-prog · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
374
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install poly-hunter
功能描述
实时监控 Polymarket 庄家大额资金异动,自动分析持仓和胜率,支持 SkillPay 0.01U 加密支付。
安全使用建议
Do NOT install or enable this skill until the developer addresses the hardcoded API key and provenance concerns. Specific actions to request or take before installing: 1) Ask the publisher for a public source repo and proof of ownership of the SkillPay account; 2) Require removal of the hardcoded SKILLPAY_API_KEY from main.py and that the code read the API key from an environment variable or secret store; 3) Have the developer rotate/revoke the exposed API key immediately (assume it may be compromised); 4) Verify billing behavior in a safe test environment — who receives the 0.01 USDT payments and whether that is intended; 5) If you must test, run the skill in an isolated sandbox or VM and monitor network traffic, and do not provide any of your own credentials or wallets. The unknown source and embedded secret are concrete red flags; treat this package as untrusted until resolved.
功能分析
Type: OpenClaw Skill Name: poly-hunter Version: 1.1.0 The skill contains a hardcoded secret API key (sk_...) in main.py, which is a significant security vulnerability and overrides the environment variable configuration defined in skill.yaml. Additionally, the /invoke endpoint implements a synchronous polling loop with time.sleep(), which could lead to resource exhaustion or execution timeouts for the OpenClaw agent. The skill interacts with api.skillpay.me and clob.polymarket.com.
能力评估
Purpose & Capability
The code behavior (fetch Polymarket endpoints; create and poll SkillPay charges) matches the stated purpose. However metadata inconsistencies exist: registry metadata reported no required env vars while skill.yaml declares SKILLPAY_API_KEY required, yet main.py ignores the env var and embeds a literal SKILLPAY_API_KEY. Embedding a payment service secret in the code does not align with normal, least-privilege design for this purpose.
Instruction Scope
SKILL.md describes running a FastAPI service and handling payments which is consistent with main.py. The runtime does network calls to Polymarket and SkillPay only and runs an /invoke endpoint, and it does not read unrelated system files. The doc does not warn about the embedded API key or the service exposing a public HTTP endpoint with permissive CORS.
Install Mechanism
No download-from-URL or arbitrary install steps; dependencies are standard Python packages listed in requirements.txt. The skill will run a FastAPI server (uvicorn) — there is no unusual install mechanism, but the repository is the source of truth and contains the hardcoded secret.
Credentials
skill.yaml declares SKILLPAY_API_KEY as a required env variable (which is reasonable for payment integration), but main.py does not read SKILLPAY_API_KEY from the environment and instead hardcodes a long 'sk_...' secret. That embedded API key is sensitive and disproportionate for a publicly distributed skill; it's unclear who controls the key and which account will receive payments. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and only needs network permission (declared in skill.yaml). It will run an HTTP endpoint which is expected for this functionality.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install poly-hunter
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /poly-hunter 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
No user-facing changes in this version. - Version update with no modifications to features or documentation.
v1.0.1
Initial release of PolyHunter. - Real-time monitoring of large fund movements on Polymarket. - Automated analysis of whale positions and win rates. - SkillPay 0.01U payment integration to access insights. - Runs on FastAPI with concurrent API support and crypto payment callback handling.
v1.0.0
PolyHunter v1.0.0 – Initial Release - Monitors large fund movements on Polymarket in real-time. - Automatically analyzes whale positions and win rate distributions. - Integrates a SkillPay payment gateway with a 0.01U minimum fee. - Runs on FastAPI, supporting concurrent API calls and automated crypto payment callbacks. - Built to provide accurate market insights for Web3 investors.
元数据
Slug poly-hunter
版本 1.1.0
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

庄家异动探测器 是什么?

实时监控 Polymarket 庄家大额资金异动,自动分析持仓和胜率,支持 SkillPay 0.01U 加密支付。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 374 次。

如何安装 庄家异动探测器?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install poly-hunter」即可一键安装,无需额外配置。

庄家异动探测器 是免费的吗?

是的,庄家异动探测器 完全免费(开源免费),可自由下载、安装和使用。

庄家异动探测器 支持哪些平台?

庄家异动探测器 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 庄家异动探测器?

由 xqw1377-prog(@xqw1377-prog)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论