← 返回 Skills 市场
90
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install shenmeng-odds-monitor-v3
功能描述
盘口变化监控助手 - 实时监控足球、篮球等体育赛事的亚盘、欧赔、大小球盘口变化。检测异常波动、大额注单信号、机构态度转变。支持多平台对比、历史趋势分析、自动预警通知。当用户需要监控盘口变化、追踪赔率走势、发现投注机会时使用。
安全使用建议
This skill implements the advertised odds-monitoring features, but it embeds a hard-coded SkillPay API key in payment.py and has inconsistent environment/metadata declarations. Risks: (1) the embedded billing key is sensitive — if valid it can be abused or leaked; (2) the skill will call an external billing endpoint and attempt to charge users automatically, which is not fully documented in SKILL.md; (3) registry metadata and files disagree about which env vars are required.
Before installing or running:
- Do NOT run this on any machine with sensitive credentials or on production agents until the author fixes the issues.
- Ask the author to remove the hard-coded BILLING_API_KEY from source and require SKILLPAY_API_KEY be provided via environment/config; verify they rotate the exposed key if it has been published.
- Request clear documentation on how SKILLPAY_USER_ID is supplied and whether billing calls occur automatically on each invocation.
- Consider running the skill in an isolated environment (sandbox/container) and monitor outbound network calls to skillpay.me and api.the-odds-api.com.
- If you do not trust the billing provider or the author, do not install — you could be charged unexpectedly or expose the embedded key.
If you want, I can: (a) point to the exact lines containing the embedded key and the billing calls, (b) suggest a minimal patch to require SKILLPAY_API_KEY from env, or (c) produce instructions to run the code in a network-restricted sandbox for audit.
功能分析
Type: OpenClaw Skill
Name: shenmeng-odds-monitor-v3
Version: 1.0.0
The skill bundle implements a sports betting odds monitor but includes a non-standard monetization layer in 'payment.py' that integrates with an external service (skillpay.me). This file contains a hardcoded secret API key (sk_f03aa8...) and logic to automatically deduct funds from a user's account based on the 'SKILLPAY_USER_ID' environment variable. While the payment requirement is documented in 'SKILL.md', the presence of hardcoded credentials and automated financial transaction logic represents a significant security risk and atypical behavior for a skill bundle.
能力标签
能力评估
Purpose & Capability
The code implements an odds-monitor/analytics tool that legitimately uses an odds API and can send notifications — that aligns with the description. However metadata and code disagree about credentials: _meta.json claims SkillPay uses SKILLPAY_API_KEY/SKILLPAY_USER_ID, SKILL.md advertises pay-per-call, the repository metadata lists no required env vars, yet payment.py hard-codes a billing API key in source. Embedding a provider API key in code is unnecessary for the stated purpose and is disproportionate.
Instruction Scope
SKILL.md describes monitoring, data sources, and a top-of-file billing notice, which is consistent with the payment integration. But the runtime code (payment.py) will contact skillpay.me and attempt to charge users automatically (verify_payment / charge_user). The SKILL.md does not document how user identity is provided to billing (payment.py reads SKILLPAY_USER_ID env but defaults to 'anonymous_user'), nor does it explain the hard-coded billing key. The instructions therefore omit an important and potentially impactful runtime behavior (automatic remote billing calls).
Install Mechanism
No installer or remote download is used; the skill is delivered as source files and a requirements.txt (aiohttp, requests). That is lower-risk than arbitrary downloads. No obfuscated installers or remote code pulls were observed.
Credentials
The code expects ODDS_API_KEY (Odds API) and may use SKILLPAY_USER_ID, which are appropriate. But the repository metadata/registry claimed no required env vars while _meta.json declares billing API envs — inconsistent. Critically, payment.py contains a hard-coded BILLING_API_KEY (cleartext secret) and uses it to authorize billing calls to skillpay.me. Hard-coding a provider API key in shipped code is disproportionate and exposes a secret that should be stored in environment/config, not in source.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. However it is allowed autonomous invocation (platform default). Combined with its ability to call the billing API and charge users, autonomous execution increases the blast radius: the skill can make network billing requests each time it runs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install shenmeng-odds-monitor-v3 - 安装完成后,直接呼叫该 Skill 的名称或使用
/shenmeng-odds-monitor-v3触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Real-time sports odds monitoring tool.
- Monitors Asian Handicap, European Odds, and Over/Under market changes across football, basketball, and more.
- Detects abnormal fluctuations, large bet signals, and institutional attitude shifts.
- Supports cross-platform comparison, historical trend analysis, and automatic alert notifications.
- Usage examples and monitoring options provided for pre-match, in-play, and risk control scenarios.
- Integrated with SkillPay for pay-per-use access (0.01 USDT per call).
元数据
常见问题
Odds Movement Monitor 盘口监控 是什么?
盘口变化监控助手 - 实时监控足球、篮球等体育赛事的亚盘、欧赔、大小球盘口变化。检测异常波动、大额注单信号、机构态度转变。支持多平台对比、历史趋势分析、自动预警通知。当用户需要监控盘口变化、追踪赔率走势、发现投注机会时使用。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 90 次。
如何安装 Odds Movement Monitor 盘口监控?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install shenmeng-odds-monitor-v3」即可一键安装,无需额外配置。
Odds Movement Monitor 盘口监控 是免费的吗?
是的,Odds Movement Monitor 盘口监控 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Odds Movement Monitor 盘口监控 支持哪些平台?
Odds Movement Monitor 盘口监控 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Odds Movement Monitor 盘口监控?
由 shenmeng(@shenmeng)开发并维护,当前版本 v1.0.0。
推荐 Skills