Polymarket Oracle
Author: Wesley Armando · v1.0.1
Total downloads: 467
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install polymarket-oracle
Description
Multi-strategy arbitrage and trading bot for Polymarket prediction markets. Scans ALL markets (crypto, politics, sports, economics, entertainment) for parity...
Security recommendations
This package implements a real-money trading bot and needs your Polymarket API key/secret/passphrase — that part is expected. Key concerns: (1) The manifest metadata is inconsistent with the SKILL.md/code (metadata claims no env vars but the code requires credentials). (2) The docs both tell you NOT to store your WALLET_PRIVATE_KEY on the server and then provide a systemd example that embeds it into the service file/credentials file — do not follow that example. Best practices before installing: generate Polymarket API keys locally using your wallet private key, then provide only the API_KEY/SECRET/PASSPHRASE to the running bot; never put your wallet private key on the server or in systemd Environment lines. Run the bot in simulation mode first; review the full code yourself (or have a trusted reviewer) to confirm it only uses the API keys for trading and does not exfiltrate credentials. If you proceed, store credentials in a tightly permissioned EnvironmentFile (chmod 600 root:root), avoid embedding secrets in unit files, and consider running within an isolated VM/container with restricted network access and monitoring. If you want greater assurance, ask the author to fix the manifest (declare required env vars and remove contradictory examples) and to remove any examples that recommend embedding private keys in service units.
Functional analysis
Type: OpenClaw Skill
Name: polymarket-oracle
Version: 1.0.1
The Python code (`polymarket_oracle.py`) itself appears benign, adhering to declared network behaviors and not using the `WALLET_PRIVATE_KEY` at runtime for trading, despite reading it from environment variables. However, the documentation contains a critical vulnerability: `README.md` and `SYSTEMD_SETUP.md` explicitly instruct users to set `WALLET_PRIVATE_KEY` as an environment variable on the server, directly contradicting the strong security warnings in `SKILL.md` and `CONFIGURATION.md` that state it's 'ONLY for initial API key creation, not runtime'. This inconsistency could lead users to unnecessarily expose their wallet private key on the server, creating a significant security risk if the server is compromised.
Capability assessment
Purpose & Capability
The name/description (Polymarket arbitrage bot) match the included code and runtime behavior (scanning Polymarket APIs and placing orders). Requiring POLYMARKET_API_KEY/SECRET/PASSPHRASE is appropriate for trading. However the registry metadata claimed no required env/configs while SKILL.md and code require API credentials — a mismatch in metadata vs implementation.
Instruction Scope
Runtime instructions and docs explicitly instruct reading/writing credentials files (e.g., /etc/polymarket-oracle/credentials.env), creating API keys using a wallet private key, and show a systemd unit that embeds secrets. The docs both warn against storing the WALLET_PRIVATE_KEY on the server and simultaneously provide a systemd example that places WALLET_PRIVATE_KEY in Environment lines (contradiction). The instructions therefore allow (and even encourage, via the service example) storing highly sensitive secrets on the running host — scope creep beyond a scanner-only role.
Install Mechanism
There is no automated install spec (instruction-only install), and the code uses only the Python standard library at runtime. The README/config suggest optionally installing py-clob-client locally to create API keys; this is reasonable. No arbitrary network-installs or downloads from suspicious hosts are present in the manifest. Risk is primarily operational (how user deploys), not from a packaged installer.
Credentials
Requesting Polymarket API_KEY/SECRET/PASSPHRASE is proportionate to trading. However the presence of WALLET_PRIVATE_KEY in multiple places (env docs, systemd service example, credentials file examples) is problematic: the project alternately says 'only use private key locally once' and then shows ways to put the private key on the server/service. Registry metadata omitted required env vars entirely, increasing confusion. The skill thus mixes appropriate credential requests with instructions that could expose full-wallet private keys — disproportionate if the intent is only to run trades via API keys.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. The documentation strongly encourages running the bot as a systemd service (enable on boot, auto-restart) which increases persistence on a host — normal for a trading bot. Combined with the unsafe secret-handling examples, persistent deployment increases the blast radius if secrets are stored insecurely.
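How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install polymarket-oracle
- Once installation completes, call the Skill by name or use /polymarket-oracle to trigger it
- Provide the inputs required by the Skill's parameter description to get structured output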
Version history
v1.0.1
- Changed env var requirements: now POLYMARKET_API_KEY, POLYMARKET_SECRET, POLYMARKET_PASSPHRASE are required; TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, WALLET_PRIVATE_KEY are optional or only needed for specific actions.
- Updated SKILL.md metadata to clarify which environment variables are required versus optional, and for what purpose.
- No changes to bot strategies or core functionality.
v1.0.0
Initial release of Polymarket Oracle — a multi-strategy trading bot for Polymarket prediction markets.
- Scans all Polymarket markets (crypto, politics, sports, economics, etc.) for arbitrage and trading opportunities.
- Implements six strategies: parity arbitrage, logical arbitrage, tail-end trading, market making, latency arbitrage, and AI-powered combinatorial arbitrage.
- Sends real-time alerts to Telegram about detected opportunities and performance.
- Features automated market categorization, configurable capital allocation, and built-in risk management with circuit breakers.
- Supports high-speed parallel scanning and order placement using authenticated API and WebSocket connections with secure credential handling.
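FAQ
What is Polymarket Oracle?
Multi-strategy arbitrage and trading bot for Polymarket prediction markets. Scans ALL markets (crypto, politics, sports, economics, entertainment) for parity... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 467 cumulative downloads to date.
How do I install Polymarket Oracle?
Run the command "/install polymarket-oracle" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Polymarket Oracle free?
Yes, Polymarket Oracle is completely free (open source and free of charge) and can be freely downloaded, installed, and used.
Which platforms does Polymarket Oracle support?
Polymarket Oracle is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Polymarket Oracle?
It is developed and maintained by Wesley Armando (@georges91560); the current version is v1.0.1.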