hanguang254

Polymarket Arb Bot

Author: 0xshahai · GitHub · v3.3.5
cross-platform ⚠ suspicious
Total downloads: 377
Favorites: 0
Current installs: 2
Versions: 10
Install in OpenClaw
/install polymarket-arb-bot
Description
Polymarket 5-minute crypto UP/DOWN market automated trading bot. AI-powered prediction using Binance technical analysis (Position, Momentum, RSI, Volume), au...
Security usage recommendations
Key things to check before installing or running this skill:
- Do not export or use private keys until you audit the repository. SKILL.md asks you to set POLYMARKET_PRIVATE_KEY / POLYMARKET_PROXY_ADDRESS; these are sensitive. Verify `wallet_backup.txt` does not contain any real private keys — treat it as compromised until proven otherwise and never reuse keys found in the repo.
- The registry metadata underreports dependencies. The code uses node, puppeteer/playwright, openclaw CLI/browser tool, scrapling, and Python requirements. Follow the repo README and inspect requirements.txt and package.json; install deps in an isolated VM/container first.
- Start with ENABLE_TRADING = False (or equivalent) and run in dry-run/simulated mode until you validate logic and network calls. Log all outgoing requests and subprocess calls during tests.
- Search the repo for any plaintext secrets (API keys, private keys) and remove them. If `wallet_backup.txt` contains keys, assume they are compromised — do not fund those wallets.
- Review any subprocess invocations (polymarket, node scripts, openclaw, playwright) and confirm you trust the binaries. Playwright downloads browsers and has nontrivial resource/attack surface; run in an isolated environment.
- Consider using a hardware wallet / multisig (Gnosis Safe) with limited signing rights rather than placing private keys in environment variables or in source files.
- If you plan to run with real funds: perform a security audit (dependency versions, network endpoints), run in a sandbox, and only use small amounts after testing. If you are not comfortable reviewing code or secrets, avoid running this skill with real wallets.
Functional analysis
Type: OpenClaw Skill
Name: polymarket-arb-bot
Version: 3.3.5
The skill bundle contains a functional Polymarket trading bot with several high-risk security concerns. Most notably, 'wallet_backup.txt' contains a plaintext private key, and multiple scripts ('auto_bot_v3.py', 'position_monitor.py', 'monitor_bets.py') contain hardcoded Telegram Bot tokens and a specific Chat ID (1609325006). This configuration causes the bot to exfiltrate all trading activity, including positions and profits, to a third-party Telegram account. While these features are technically aligned with the bot's stated purpose of automated trading and notification, the hardcoded nature of the credentials and the inclusion of a private key in the bundle pose a severe security and privacy risk to users.
Capability assessment
Purpose & Capability
The code and SKILL.md match the described purpose (automated trading on Polymarket using AI and Polymarket CLI). However the declared requirements in registry metadata are minimal (polymarket, python3) while the code actually expects many other tools (node, playwright, openclaw/browser tool, puppeteer/scrapling, requests/playwright Python libs). The single npm install mentioned in SKILL.md metadata (Polymarket CLI) is not sufficient for the repository's full runtime needs.
Instruction Scope
SKILL.md instructs the user to export POLYMARKET_PRIVATE_KEY and POLYMARKET_PROXY_ADDRESS (private credentials) but the registry metadata declares no required env vars. The runtime instructions and code call external APIs (Polymarket/Gamma API, clob.polymarket.com, Binance API) and run subprocesses (polymarket CLI, node scripts, openclaw CLI, playwright). The instructions also tell the user to place Telegram tokens inside scripts (editing source), which risks accidental credential leakage. The skill's instructions and included code reference reading/writing many local logs (logs/*) and a wallet_backup.txt file present in the repo.
Install Mechanism
The skill is marked as 'instruction-only' / no install spec in registry, but the package includes many code files and a package.json / requirements.txt. The SKILL.md metadata only suggests `npm i -g @polymarket/clob-client`; there is no explicit pip install of requirements.txt, no guidance to install Playwright browsers, no Node dependency installs for the included Node scripts, and no installation steps for openclaw/browser tool. This mismatch means a user following only the registry install metadata will miss many runtime dependencies; there is no single trusted release host for arbitrary binaries like Playwright or OpenClaw invoked via subprocess (higher friction and risk).
Credentials
Registry metadata declares no required env vars or primary credential, yet SKILL.md and code expect wallet credentials (POLYMARKET_PRIVATE_KEY, POLYMARKET_PROXY_ADDRESS) and the README/REPORT include wallet addresses and a `wallet_backup.txt` file in the repo. The code calls polymarket CLI commands that can operate on wallet keys and also invokes external endpoints. Requesting a private key for automated trading is plausible for a trading bot, but the fact that credentials are not declared by the package metadata and a wallet backup file is included in the repository is a red flag (possibility of exposed secrets or leftover sensitive artifacts).
Persistence & Privilege
The skill is not marked always:true and does not request to auto-enable itself system-wide. It suggests adding a watchdog to crontab for process restart, which is normal for long-running bots but is an elevated operational step the user must opt into. There is no evidence it modifies other skills' configs or escalates privileges by itself.
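How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install polymarket-arb-bot
  3. Once installation completes, call the Skill by name or trigger it with /polymarket-arb-bot
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history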
v3.3.5
- Added Kelly dynamic position sizing: bet size now automatically adjusts (3–10 units) based on confidence and EV.
- Introduced Bayesian real-time confidence updating using ATR deviation for smarter stop-loss management.
- Implemented pre-listing of sell orders 60–90 seconds before market close to secure liquidity.
- Optimized stop-loss: immediate exit if confidence <60%, or 60–70% after 30s.
- Fine-tuned risk for small balances by removing strict balance checks; Kelly strategy handles risk control.
- Improved bet sizing granularity for specific Kelly ranges.
v3.3.4
- No code or documentation changes in this version.
- Update includes a change to logs/trading_state.json only (likely runtime data).
- No impact to functionality, user workflow, or interface.
v3.3.3
polymarket-arb-bot v3.3.3
- No user-facing changes recorded.
- Documentation, state, and monitoring logic updated; main functionality unchanged.
v3.3.2
polymarket-arb-bot v3.3.2
- Updated SKILL.md with minor wording/parameter tweaks in the v3.4.0 changelog (early stop-loss logic triggers after 30 seconds of wrong direction, not 60).
- No functional logic changes to codebase detected from the provided files.
- Updated documentation only; bot trading/monitoring logic remains unchanged.
v3.3.1
**v3.3.1 Changelog**
- Documentation and configuration updated with latest information in SKILL.md.
- Minor updates made to code and metadata files.
- No new user-facing features or strategies added in this version.
v3.3.0
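Optimized the take-profit window: changed from 80-100 seconds to the period from entry until 70 seconds before close, greatly increasing the trigger rate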
v3.2.1
v3.2.1
- Updated documentation.
- No code or logic changes; functionality remains the same.
v3.2.0
Fixed timestamp parsing, optimized position-closing logic, adjusted take-profit priority
v3.1.0
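v3.1.0: Playwright process isolation optimized, memory usage reduced by 50%, added Telegram notification on position close, enhanced exception handling, no EPIPE crashes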
v3.0.0
v3.0.0: Full automation - 60s AI analysis, auto betting, 270s position close, Telegram notifications, 15% profit taking, watchdog protection
Metadata
Slug polymarket-arb-bot
Version 3.3.5
License
Total installs 2
Current installs 2
Historical versions 10
FAQ

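What is Polymarket Arb Bot?

Polymarket 5-minute crypto UP/DOWN market automated trading bot. AI-powered prediction using Binance technical analysis (Position, Momentum, RSI, Volume), au... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 377 total downloads to date.

How do I install Polymarket Arb Bot?

Run the command `/install polymarket-arb-bot` in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Polymarket Arb Bot free?

Yes, Polymarket Arb Bot is completely free (open source and free of charge) and can be freely downloaded, installed, and used.

Which platforms does Polymarket Arb Bot support?

Polymarket Arb Bot is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Polymarket Arb Bot?

It is developed and maintained by 0xshahai (@hanguang254); the current version is v3.3.5.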
