650 total downloads | 1 favorite | 1 current install | 1 version
Install in OpenClaw:
/install polyclaw-pro
Description
Trade on Polymarket via split + CLOB execution. Browse markets, track positions with P&L, discover hedges via LLM. Includes automation tools: live portfolio...
Safe usage recommendations
This skill is not obviously malicious, but it has multiple red flags you should resolve before trusting it with a real private key:
- Do not supply your main wallet private key. Instead test with an expendable account funded with minimal funds.
- Ask the author to explain why there are hard-coded wallet addresses (0x2aacf9...) and a funder address in multiple files. If those are sample/demo addresses, they should not be hard-coded in production code.
- If the LLM hedge feature is used, require that OPENROUTER_API_KEY (and any other API key it needs) be declared in the skill metadata rather than read silently from the environment.
- The code uses absolute root paths (/root/.openclaw/...). Run the skill in an isolated container or non-root account, and update config paths to be relative to the skill install directory.
- Review cron/job recommendations carefully before adding them; scheduled scripts will repeatedly use the private key to sign transactions.
- Verify the 'uv' brew formula source before installing; ensure 'uv sync' actually installs the Python dependencies (or run a venv and pip install from the included pyproject.toml yourself).
- If you need automation, prefer short-lived or constrained keys (e.g., delegate with a smart-contract-based allowance or use a hot wallet with limited funds) and perform a code audit for any network endpoints or unexpected external calls.
If the author cannot satisfactorily explain the hard-coded addresses, root paths, and undeclared env vars, treat the package as unsafe to run with any significant funds.
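The checks above (hard-coded addresses, absolute /root/ paths, environment variables the code reads but the metadata never declares) can be run mechanically before the skill is ever installed. The following audit script is an added example and is not part of polyclaw-pro; the two sample skill files it writes, the placeholder address in them and the /root/.openclaw/skills/demo path are constructed for the demo, not taken from the skill.

```python
"""Pre-install audit for an agent skill's Python files.

Added illustration, not part of polyclaw-pro. It mechanically checks the
three red flags listed above: hard-coded EVM addresses, absolute /root/
paths, and environment variables the code reads but the skill metadata
does not declare. The two sample files written in demo() are
constructed for this example; the address and paths in them are
placeholders, not values taken from the skill.
"""
import json
import re
import tempfile
from pathlib import Path

# 20-byte EVM address: 0x followed by exactly 40 hex digits.
ADDR_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
# Absolute paths under /root only resolve when running as root.
ROOT_PATH_RE = re.compile(r"/root/[\w./-]+")
# os.environ["X"], os.environ.get("X") and os.getenv("X") forms.
ENV_RE = re.compile(
    r"os\.(?:environ(?:\.get)?|getenv)\s*[\[(]\s*['\"]([A-Z0-9_]+)['\"]"
)

# Constructed placeholder address for the demo files (not from the skill).
DEMO_ADDR = "0x" + "ab" * 20


def audit_skill(skill_dir, declared_env):
    """Scan every .py file under skill_dir; return findings keyed by category.

    declared_env is the list of env var names the skill metadata declares.
    Each category maps a relative file path to the sorted values found.
    """
    findings = {"hardcoded_addresses": {}, "root_paths": {}, "undeclared_env": {}}
    declared = set(declared_env)
    base = Path(skill_dir)
    for path in sorted(base.rglob("*.py")):
        text = path.read_text(encoding="utf-8", errors="replace")
        rel = path.relative_to(base).as_posix()
        addrs = sorted(set(ADDR_RE.findall(text)))
        if addrs:
            findings["hardcoded_addresses"][rel] = addrs
        roots = sorted(set(ROOT_PATH_RE.findall(text)))
        if roots:
            findings["root_paths"][rel] = roots
        undeclared = sorted(set(ENV_RE.findall(text)) - declared)
        if undeclared:
            findings["undeclared_env"][rel] = undeclared
    return findings


def is_clean(findings):
    """True when no category has any finding."""
    return not any(findings.values())


def demo():
    """Write two constructed skill files into a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "trade.py").write_text(
            "import os\n"
            'KEY = os.environ["POLYCLAW_PRIVATE_KEY"]\n'
            'NODE = os.getenv("CHAINSTACK_NODE")\n'
            f'WALLET_ADDR = "{DEMO_ADDR}"  # hard-coded address (red flag)\n',
            encoding="utf-8",
        )
        Path(tmp, "hedge.py").write_text(
            "import os\n"
            'API_KEY = os.environ.get("OPENROUTER_API_KEY")  # undeclared\n'
            'STATE = "/root/.openclaw/skills/demo/state.json"  # root path\n',
            encoding="utf-8",
        )
        # Only these two names are declared in the (constructed) metadata.
        return audit_skill(tmp, ["POLYCLAW_PRIVATE_KEY", "CHAINSTACK_NODE"])


if __name__ == "__main__":
    result = demo()
    print(json.dumps(result, indent=2))
    print("clean" if is_clean(result) else "RED FLAGS FOUND: do not trust with real funds")
```

Point audit_skill at the real install directory and pass the env list from the skill's metadata; any non-empty category is a question for the author before a private key goes anywhere near the code.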
Functional analysis
Type: OpenClaw Skill
Name: polyclaw-pro
Version: 1.0.0
This skill is classified as suspicious because of its inherently high-risk capabilities, even though those capabilities appear to match its stated purpose as a Web3 trading bot. Key indicators: it reads the user's EVM private key (`POLYCLAW_PRIVATE_KEY`) from the environment and uses it to sign and send blockchain transactions (e.g., in `auto_redeem_check.py` and `discipline_scanner.py`), a risk that `SKILL.md` and `README.md` themselves acknowledge; it routes traffic through network proxies (Tor via `httpx[socks]` and `curl-cffi`) to bypass Cloudflare; and `polyclaw_api.py` uses `subprocess.run` to execute other scripts (e.g., `swap.py`), which becomes a code-execution (RCE) path if an AI agent driving the bridge is prompt-injected into passing malicious arguments. Each of these is plausible for a trading bot, but their combined risk profile warrants 'suspicious' rather than 'benign'.
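The subprocess concern above is concrete enough to check for during review: a bridge that forwards agent-supplied arguments into subprocess.run is only as safe as its argument validation. The module below is an added example and is not code from polyclaw-pro or its polyclaw_api.py; it shows the defensive shape a reviewer should expect (a fixed allowlist of scripts, a per-script parameter schema, list-form argv with shell=False, script path resolved against a fixed directory). The script names swap.py, redeem.py and portfolio.py, the parameter names, the id and amount formats and SCRIPTS_DIR are assumptions made for the illustration.

```python
"""Allowlisted script dispatch for an agent-facing API bridge.

Added illustration, not code from polyclaw-pro or its polyclaw_api.py.
When a bridge forwards arguments from an LLM agent into subprocess.run,
those arguments are attacker-influenced whenever the agent can be
prompt-injected. The defensive shape shown here: a fixed allowlist of
scripts, a per-script parameter schema, list-form argv with shell=False,
and the script path resolved against a fixed directory. Script names,
parameter names, value formats and SCRIPTS_DIR are assumptions made for
this example.
"""
import re
import subprocess
from pathlib import Path

# Anti-pattern this module replaces (never do this with agent input):
#   subprocess.run(f"python3 swap.py {agent_args}", shell=True)

SCRIPTS_DIR = Path(__file__).resolve().parent  # assumed skill install dir

ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")
TOKEN_ID_RE = re.compile(r"[0-9]{1,80}")  # decimal id; width limit is an assumption
AMOUNT_RE = re.compile(r"(?:0|[1-9][0-9]*)(?:\.[0-9]{1,6})?")  # non-negative, <= 6 dp
SIDES = frozenset({"BUY", "SELL"})

# script -> ordered (parameter, validator) pairs; validators return truthy on accept.
ALLOWED = {
    "swap.py": (
        ("side", SIDES.__contains__),
        ("token_id", TOKEN_ID_RE.fullmatch),
        ("amount", AMOUNT_RE.fullmatch),
    ),
    "redeem.py": (("wallet", ADDR_RE.fullmatch),),
    "portfolio.py": (),
}


class ArgumentRejected(ValueError):
    """Raised for any script or argument outside the allowlisted schema."""


def build_command(script, params):
    """Return argv for a permitted script and parameter set, else raise."""
    if not isinstance(script, str) or script not in ALLOWED:
        raise ArgumentRejected(f"script not allowlisted: {script!r}")
    if not isinstance(params, dict):
        raise ArgumentRejected("params must be a dict")
    schema = ALLOWED[script]
    expected = {name for name, _ in schema}
    if set(params) != expected:  # no extra keys, no missing keys
        raise ArgumentRejected(f"expected parameters {sorted(expected)}, got {sorted(params)}")
    argv = ["python3", str(SCRIPTS_DIR / script)]
    for name, accept in schema:
        value = params[name]
        if not isinstance(value, str) or not accept(value):
            raise ArgumentRejected(f"rejected value for {name}: {value!r}")
        # --name=value keeps a value from ever being parsed as a separate flag.
        argv.append(f"--{name}={value}")
    return argv


def rejects(script, params):
    """True when build_command refuses the call (used by the checks below)."""
    try:
        build_command(script, params)
    except ArgumentRejected:
        return True
    return False


def run_script(script, params, timeout=60):
    """Validate, then execute with shell=False so no shell parsing happens."""
    argv = build_command(script, params)
    return subprocess.run(argv, shell=False, capture_output=True, text=True,
                          timeout=timeout, check=False)


if __name__ == "__main__":
    print(build_command("swap.py", {"side": "BUY", "token_id": "123456", "amount": "10.5"}))
    print(rejects("swap.py", {"side": "BUY; rm -rf /", "token_id": "1", "amount": "1"}))
```

The important property is that nothing the agent supplies ever reaches a shell or chooses which file runs: the script name is a dictionary key, each value must match a narrow format, and argv is passed as a list. If the real bridge instead builds a command string from agent input, that is the finding to raise.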
Capability assessment
Purpose & Capability
The skill claims to trade on Polymarket and therefore legitimately needs an RPC node, a private key (CHAINSTACK_NODE, POLYCLAW_PRIVATE_KEY) and the uv binary. However, many code files contain hard-coded wallet addresses (e.g., 0x2aacf9... used as WALLET/WALLET_ADDR/funder) and other constants that suggest parts of the code operate on, or expect, someone else's account rather than the installing user's wallet. README/SKILL.md also reference an OPENROUTER_API_KEY for LLM hedge discovery that is not declared in the skill's required env list. These mismatches (hard-coded wallets plus undeclared but required credentials) are disproportionate for a straightforward user-facing trading tool and are inconsistencies worth flagging.
Instruction Scope
Runtime instructions run on-chain transactions (approve, redeem, trades) which is expected. But the SKILL.md and scripts also: (1) suggest cron jobs running from absolute root paths (/root/.openclaw/skills/polyclaw), (2) include an API bridge (polyclaw_api.py) intended to be called via SSH from external bots (exposes portfolio and risk-check endpoints without additional auth), and (3) several scripts patch HTTP clients to route through a local Tor proxy. The code reads/writes state/config files under hard-coded root paths and references other files (.env, portfolio.json), widening the data surface beyond the declared manifests. These instructions and paths grant ongoing access and data flow that go beyond simple interactive CLI usage.
Install Mechanism
Install spec only installs the 'uv' brew formula. SKILL.md expects 'uv sync' to populate Python dependencies (pyproject.toml lists many packages). This is not malicious by itself, but the install description is incomplete: it assumes the uv tool will install required Python packages and create .venv. The brew source for 'uv' should be verified (third-party brew taps can be a risk). No arbitrary URL downloads or extract steps are present in the provided install spec.
Credentials
The primary credential, POLYCLAW_PRIVATE_KEY, is expected for signing transactions. But the skill's README/SKILL.md and some code reference additional env vars that are not declared in the skill metadata: OPENROUTER_API_KEY (a sensitive credential) plus HTTPS_PROXY and CLOB_MAX_RETRIES (configuration that changes where traffic goes and how often requests are retried). The code uses CHAINSTACK_NODE and the private key, but also frequently uses a fixed WALLET_ADDR for data API calls (meaning the skill will collect and display data about that address rather than the user's) and sometimes uses a different 'funder' address for CLOB calls. Requiring a full EVM private key is proportional for trading, but the combination of undeclared API keys and hard-coded addresses is suspicious and can lead to unintended data disclosure or action.
Persistence & Privilege
The skill does not set always:true, but SKILL.md and several scripts include explicit cron job examples (running as root, writing logs to /var/log) and code writes state files under /root/.openclaw/skills/polyclaw. These cron examples plus scripts that sign and send transactions with the provided private key create a persistent, scheduled capability to act with your credentials. Because the code also provides an API bridge intended for external invocation (SSH), persistent/automated use combined with the uncovered inconsistencies increases the blast radius.
How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install polyclaw-pro
- After installation, call the skill by name or trigger it with /polyclaw-pro.
- Provide the required inputs described in the skill's parameter documentation to get structured output.
Version history
v1.0.0
PolyClaw with live portfolio, auto-redeem, discipline scanner
FAQ
What is PolyClaw Pro?
Trade on Polymarket via split + CLOB execution. Browse markets, track positions with P&L, discover hedges via LLM. Includes automation tools: live portfolio... It is an AI Agent Skill plugin for Claude Code / OpenClaw with 650 downloads to date.
How do I install PolyClaw Pro?
Run the command "/install polyclaw-pro" in the OpenClaw or Claude Code chat box for one-click installation. Note that, per the capability assessment above, the skill still needs CHAINSTACK_NODE and POLYCLAW_PRIVATE_KEY set in its environment before it can trade.
Is PolyClaw Pro free?
Yes, PolyClaw Pro is completely free (open source) and can be freely downloaded, installed and used.
Which platforms does PolyClaw Pro support?
PolyClaw Pro is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.
Who developed PolyClaw Pro?
Developed and maintained by lmanchu (@lmanchu); current version v1.0.0.