Total downloads: 83
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install polymarket-predictradar-data-layer-skills
Description
Shared Polymarket and prediction-market data access layer. Use this skill whenever another skill or task needs trader positions, trade history, market metada...
Safe-use recommendations
This skill appears to implement the claimed Polymarket/PredicTradar data layer, but several implementation details are inconsistent with the declared metadata and introduce risk:
- The code expects/reads environment variables (MCP_URL, MCP_API_KEY) and proxy env vars even though the registry metadata lists no required env. If you set MCP_API_KEY, treat it as a secret and only provide it in a controlled environment.
- The skill runs local commands to detect proxies (scutil, python3 via execFileSync). If you run this on a machine where those binaries exist, they will be executed. Consider running in an isolated container if you are concerned.
- The gamma-client disables TLS certificate verification (rejectUnauthorized: false) when establishing TLS connections; this weakens transport security and can expose you to man-in-the-middle tampering of gamma-api.polymarket.com interactions.
- The skill writes cache files under scripts/cache and includes a warm-up script that performs many queries; expect disk usage and potentially heavy network/API usage. Review and control when/if init.js is run.
- The absence of declared env requirements is an inconsistency — ask the publisher (or inspect code) before supplying any credentials or exposing sensitive networks.
If you decide to install, run it in a sandboxed environment, avoid supplying sensitive credentials unless necessary, and consider patching the TLS setting (enable certificate verification) and removing or restricting local exec calls if you cannot trust the runtime.
Functional analysis
Type: OpenClaw Skill
Name: polymarket-predictradar-data-layer-skills
Version: 1.0.0
The skill bundle provides a sophisticated data access layer for Polymarket via an MCP server and the Gamma API. It is classified as suspicious due to several high-risk security vulnerabilities: `gamma-client.js` explicitly disables TLS certificate verification (`rejectUnauthorized: false`), which exposes the agent to Man-in-the-Middle (MitM) attacks. Additionally, `proxy-config.js` executes system-level commands (`scutil`) and spawns a `python3` process to detect proxy settings. While these implementations appear to be functional choices for handling network environments without external dependencies, they represent significant security flaws and invasive system interactions.
Capability assessment
Purpose & Capability
The package implements a prediction-market data layer (mcp-client, queries, gamma-client, smartmoney) which matches the declared purpose. However the manifest declared 'required env vars: none' while the code reads MCP_URL and MCP_API_KEY (mcp-client.js) and also inspects HTTPS_PROXY/HTTP_PROXY (proxy-config.js). It executes platform tools (scutil, python3) to detect proxies even though no binaries were declared as required. These undeclared runtime dependencies and env var hooks are inconsistent with the skill metadata.
Instruction Scope
SKILL.md instructs usage of the MCP wrapper, which is consistent. But the included scripts do extra things beyond simple read-only requests: they create and manage local cache files under scripts/cache (cache.js), run a cache warm-up sequence that will perform many queries (init.js, daily-report.js), and detect system proxy settings by executing scutil and python3 (proxy-config.js). Those operations read/write local filesystem state and run local commands rather than only performing remote read-only API calls; the runtime instructions do not fully call these out.
Install Mechanism
There is no install spec (instruction-only), which reduces supply-chain risk. But the skill includes many code files that will run inside the agent environment; no build/install step is required and files will execute at runtime. That is coherent but means the skill will run Node code in the agent runtime with filesystem and network access.
Credentials
Code reads/uses environment variables not declared in the skill metadata: MCP_URL and MCP_API_KEY (mcp-client.js) and standard proxy env vars (HTTPS_PROXY/HTTP_PROXY) plus system proxy detection. MCP_API_KEY is a sensitive credential; the skill does not declare it as required or primary. The default MCP_API_KEY falls back to a public key string, but the ability to override via env means sensitive secrets could be provided — the skill does not document or request them explicitly in metadata.
Persistence & Privilege
The skill does not request always:true and does not alter other skills' configs. It writes cache files under scripts/cache and includes a warm-up script (init.js) that can create persistent cache artifacts and perform heavy querying. Writing cache to disk is expected for a data-layer but is persistent and can grow; this is legitimate but worth noting.
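How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: `/install polymarket-predictradar-data-layer-skills`
- Once installation completes, call the Skill by name or use `/polymarket-predictradar-data-layer-skills` to trigger it.
- Provide the required inputs according to the Skill's parameter description to get structured output.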
Version history
v1.0.0
- Initial release of the Polymarket data access layer, providing a unified interface for market and trader intelligence.
- Features automatic MCP session handshake and prioritizes the PredicTradar MCP Server as the primary data source, with fallbacks to polymarket-cli and Polymarket Data API.
- Exposes high-level tools for trader positions, detailed market data, trade history, leaderboards, and SQL-based analytics.
- Documents full MCP tool catalog, table schemas for `trades` and `positions`, and example usage patterns.
- Introduces convenience wrappers for key operations and details recommended environment variables.
- Provides example and helper scripts for integration and data exploration.
FAQ
What is polymarket-predictradar-data-layer-skills?
Shared Polymarket and prediction-market data access layer. Use this skill whenever another skill or task needs trader positions, trade history, market metada... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 83 cumulative downloads so far.
How do I install polymarket-predictradar-data-layer-skills?
Run the command "/install polymarket-predictradar-data-layer-skills" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.
Is polymarket-predictradar-data-layer-skills free?
Yes, polymarket-predictradar-data-layer-skills is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does polymarket-predictradar-data-layer-skills support?
polymarket-predictradar-data-layer-skills runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed polymarket-predictradar-data-layer-skills?
It is developed and maintained by Yeri (@cnica); the current version is v1.0.0.