← 返回 Skills 市场
xqw1377-prog

庄家异动探测器

作者 xqw1377-prog · GitHub ↗ · v1.3.0
cross-platform ⚠ suspicious
355
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install poly-hunter-final
功能描述
实时监控 Polymarket 链上大额资金异动,自动分析庄家持仓变化与胜率,支持SkillPay 0.01U支付。
安全使用建议
Do not install or run this skill until the developer fixes the issues. Specific actions to take: 1) Treat the embedded SKILLPAY_API_KEY as compromised — do not rely on it; if you control that SkillPay account rotate/revoke the key immediately. 2) Require the developer to remove hardcoded secrets and read SKILLPAY_API_KEY from an environment variable or secret manager; update SKILL.md to document required env vars. 3) Fix the runtime bug (undefined API_KEY) and re-test. 4) Confirm the SkillPay account used is owned by the skill author and you accept paying through it; otherwise configure your own SkillPay credentials. 5) Consider the permissive network/CORS settings and ensure you are comfortable with outbound network calls to api.skillpay.me and clob.polymarket.com. If you don't trust the author or cannot get these fixes, classify this skill as unsafe to use.
功能分析
Type: OpenClaw Skill Name: poly-hunter-final Version: 1.3.0 The skill contains a hardcoded SkillPay API key in `main.py`, which is a significant security vulnerability (credential exposure). Additionally, the code contains several logic errors, such as referencing the `app` instance and an undefined `API_KEY` variable before they are properly initialized, which would cause the service to crash. While the core functionality for monitoring Polymarket data aligns with the stated purpose, these implementation flaws and hardcoded secrets represent high-risk coding practices.
能力评估
Purpose & Capability
The code implements Polymarket market fetching and SkillPay payment flows, which aligns with the description. However metadata is inconsistent: the top-level registry summary said 'required env vars: none' and SKILL.md omitted credentials, while skill.yaml declares SKILLPAY_API_KEY as required. The presence of an embedded SKILLPAY_API_KEY literal in main.py is disproportionate (a runtime env var should be used).
Instruction Scope
SKILL.md gives only a high-level description and deployment note; the actual code performs network calls to Polymarket and SkillPay and implements payment polling and charge creation. The code also enables very permissive CORS (allow_origins=['*'], allow_origin_regex='.*'). Additionally, the GET /invoke handler references an undefined API_KEY variable (likely a bug) which will raise a runtime error; this mismatch between instructions and actual runtime behavior is concerning.
Install Mechanism
There is no install-from-URL behavior; requirements.txt lists standard Python packages (fastapi, uvicorn, requests, pydantic). No archive downloads or unusual install steps are present.
Credentials
The skill requires network access and a SkillPay API key (skill.yaml). That is proportionate to payment functionality, but main.py contains a hardcoded SKILLPAY_API_KEY string embedded in the source — this is a secret leak and unacceptable. Also SKILL.md did not document the env var requirement, and the registry summary initially claimed none, producing confusing and potentially dangerous expectations for users. If that embedded key is valid, it has already been exposed and should be rotated.
Persistence & Privilege
The skill does not request 'always: true' or other elevated platform privileges and does not attempt to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default).
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install poly-hunter-final
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /poly-hunter-final 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.0
PolyHunter 1.3.0 introduces whale activity detection and SkillPay integration: - 实时监控 Polymarket 上大额资金异动。 - 自动分析庄家持仓变化及胜率分布。 - 新增 SkillPay 0.01U 支付门槛保障情报价值。 - 运行于 FastAPI,支持并发 API 与支付回调处理。 - 由星爷选股逻辑支撑,面向 Web3 投资者。
元数据
Slug poly-hunter-final
版本 1.3.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

庄家异动探测器 是什么?

实时监控 Polymarket 链上大额资金异动,自动分析庄家持仓变化与胜率,支持SkillPay 0.01U支付。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 355 次。

如何安装 庄家异动探测器?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install poly-hunter-final」即可一键安装,无需额外配置。

庄家异动探测器 是免费的吗?

是的,庄家异动探测器 完全免费(开源免费),可自由下载、安装和使用。

庄家异动探测器 支持哪些平台?

庄家异动探测器 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 庄家异动探测器?

由 xqw1377-prog(@xqw1377-prog)开发并维护,当前版本 v1.3.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论