← 返回 Skills 市场

PolyClawster

Name: PolyClawster
Author: al1enjesus

作者 Ilya · GitHub ↗ · v1.5.0 · MIT-0

cross-platform ⚠ suspicious

392

总下载

当前安装

版本数

在 OpenClaw 中安装

/install polyclawster

功能描述

Trade on Polymarket prediction markets. Non-custodial — your agent generates a Polygon wallet, signs orders locally, and submits via polyclawster.com relay (...

安全使用建议

What to check before installing: - Review scripts/setup.js (not fully shown) to ensure it does not exfiltrate the private key or upload secrets to polyclawster.com during registration. The README claims the private key never leaves your machine, but you must verify the code path that registers the agent. - Inspect ~/.polyclawster/config.json after setup to confirm privateKey and API secrets remain local and have safe permissions (chmod 600). - Run the skill in demo/dry-run mode first (auto.js --demo or --dry-run) and test with the $10 demo balance before risking real funds. - Review on‑chain approvals: approve.js sets infinite allowances (MaxUint256) and setApprovalForAll for several operator addresses (including a 'Neg Risk Adapter'); infinite approvals are common but increase risk if the approved contract is malicious — verify the spender addresses and audit/confirm Polymarket/adapter contracts yourself. - Verify polyclawster.com is a trustworthy relay (look up project, code repo, and operators). The relay sees signed orders and agent metadata; if you don't trust the relay you can still trade directly but may need to adapt the scripts. - Audit npm dependencies (ethers, @polymarket/clob-client and their transitive deps) or run in an isolated environment. Prefer running the code in a disposable VM or container while evaluating. - Because the agent can be scheduled to trade autonomously, restrict its runtime (limit cron/agent permissions, monitoring, loss limits) until you are comfortable with behavior. If you want, I can: (a) scan the omitted setup.js for suspicious behavior if you paste it, (b) list the specific on‑chain addresses the code approves so you can look them up, or (c) suggest safe steps to sandbox and test this skill.

功能分析

Type: OpenClaw Skill Name: polyclawster Version: 1.5.0 The bundle implements a non-custodial Polymarket trading agent that generates and stores a Polygon private key locally in `~/.polyclawster/config.json`. While the scripts (`setup.js`, `trade.js`, `sell.js`) use local EIP-712 signing to ensure the private key is never transmitted, the architecture relies heavily on a third-party relay (`polyclawster.com`) for geo-bypass and trading signals (`auto.js`). Although the behavior is clearly aligned with the stated purpose and includes security best practices like `chmod 600` for the config file, the inherent risks of local plaintext key management and the dependency on an external relay for transaction execution qualify it as suspicious under the provided criteria.

能力评估

✓ Purpose & Capability

Name/description match the code: scripts generate a local Polygon wallet, sign orders locally (ethers.Wallet), call polyclawster.com relay/APIs and Polymarket CLOB. Requested binaries and network hosts align with trading on Polygon/Polymarket.

⚠ Instruction Scope

Most runtime instructions are scoped to trading: generate wallet, swap POL→USDC.e, approve contracts, sign orders locally, post to polyclawster.com. However the critical setup script (scripts/setup.js) was not included in the inspected snippets; loadConfig() and setup/registration paths are central to security (they read/write ~/.polyclawster/config.json). You should review setup.js to confirm it does not transmit the private key or store secrets to remote servers during registration.

ℹ Install Mechanism

No install spec (instruction-only) but package.json/package-lock are present and list npm deps (ethers, @polymarket/clob-client). Installing will pull packages from npm (expected). This is a moderate risk (typical) — verify dependencies and prefer installing in a sandboxed environment before running with real funds.

ℹ Credentials

No environment variables are requested; the skill uses a local config file (~/.polyclawster/config.json) to store privateKey and CLOB creds (chmod 600 recommended in README). This is proportionate to a non‑custodial agent but the secret storage location is sensitive — confirm the config is only written locally and not POSTed to third parties by setup.js.

ℹ Persistence & Privilege

always:false (normal). The skill supports autonomous trading (auto.js) and is intended to be run on a schedule; combined with the ability to hold and sign transactions this gives it direct control over funds while active. This is expected for a trading agent but is high-impact if buggy or malicious—recommend demo mode and restricted cron settings first.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install polyclawster
安装完成后，直接呼叫该 Skill 的名称或使用 /polyclawster 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.5.0

POL funding flow, auto-swap POL→USDC.e, updated README and SKILL.md

v1.3.7

polyclawster v1.3.7 - No file changes detected in this release. - No new features, bugfixes, or documentation updates were introduced.

v1.3.6

- Update version to 1.3.6 in package.json. - No other changes to logic, features, or documentation.

v1.3.5

- Updated dependencies in package.json. - No changes to documentation or functionality.

v1.3.4

- Updated package.json for version 1.3.4. - No functional or documentation changes in this release.

v1.3.3

**Polyclawster 1.3.3 Changelog** - Updated documentation for improved clarity on how to use the skill with OpenClaw agent. - Expanded usage examples with natural language command formats. - Improved instructions for setting up automated (cron) auto-trading via OpenClaw. - Clarified credentials section, emphasizing API key handling and security. - Added a builder attribution and dashboard link in documentation. - No changes to core code or APIs; documentation updates only.

v1.3.2

- Added read permission for the config file in skill metadata to support read access from scripts. - Updated OpenClaw permissions in SKILL.md for improved compatibility. - No changes to core logic or usage; documentation and metadata cleanup only.

v1.3.1

- Major rewrite: switched from standalone CLI scripts to an agent-based, non-custodial architecture. - Private keys are now generated and stored locally; orders are signed client-side and relayed via a geo-bypass proxy. - Added new scripts: approve.js, auto.js, browse.js, link.js, sell.js; removed legacy trading and search scripts. - Enhanced demo trading, AI signal auto-trading, and integration with polyclawster.com agent profiles. - Updated documentation and security model to reflect agent-first workflow and improved privacy.

v1.1.0

Search any market, auto-setup wallet, trade any market by slug or conditionId

元数据

Slug polyclawster

版本 1.5.0

许可证 MIT-0

累计安装 3

当前安装数 3

历史版本数 9

常见问题

PolyClawster 是什么？

Trade on Polymarket prediction markets. Non-custodial — your agent generates a Polygon wallet, signs orders locally, and submits via polyclawster.com relay (... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 392 次。

如何安装 PolyClawster？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install polyclawster」即可一键安装，无需额外配置。

PolyClawster 是免费的吗？

是的，PolyClawster 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

PolyClawster 支持哪些平台？

PolyClawster 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 PolyClawster？

由 Ilya（@al1enjesus）开发并维护，当前版本 v1.5.0。