← 返回 Skills 市场
gigabit-eth

Optionns

作者 gigabit-eth · GitHub ↗ · v1.0.24
cross-platform ⚠ suspicious
1083
总下载
4
收藏
3
当前安装
25
版本数
在 OpenClaw 中安装
/install sports
功能描述
Autonomously monitor live sports games and execute micro-bets on one-touch barrier options with instant mockUSDC settlement on Solana Devnet.
安全使用建议
This skill appears coherent for autonomous devnet betting, but take these precautions before installing or running it: - Use throwaway/devnet-only keypairs; never point SOLANA_RPC_URL or keys to mainnet or reuse real wallets. - Review the included scripts (especially scripts/signer.py and scripts/optionns.sh) yourself — they perform local signing and will write private key material to ~/.config/optionns/ by default. - Verify the remote API hostname (https://api.optionns.com) independently (DNS, repo, website, or vendor identity). The skill will transmit your wallet address and receive API keys from that endpoint during registration. - Run the skill in an isolated environment (container/VM with restricted permissions and network egress) if you plan to allow autonomous invocation. - Consider pinning and reviewing the pip dependencies (solders, httpx) before pip installing; prefer a virtualenv and inspect packages where practical. - If you need stronger assurance, request a verified source/repository or reproducible build; absence of a trusted upstream (homepage/source unknown) lowers confidence. If you are uncomfortable verifying the remote endpoint or code, do not provide real credentials and avoid enabling autonomous runs that can register or transact on your behalf.
功能分析
Type: OpenClaw Skill Name: sports Version: 1.0.24 The skill is classified as suspicious due to its reliance on a third-party API (https://api.optionns.com) to provide Solana transaction instructions, which are then signed and submitted locally by the agent. While the skill explicitly enforces 'devnet-only' operation via `signer.py` and `strategy.py` to prevent mainnet interaction, a compromised API could still issue malicious instructions for the devnet, potentially leading to loss of mock funds. The `SKILL.md` and `README.md` are transparent about the skill's operations and security model, including warnings against using mainnet wallets, and do not contain any prompt injection attempts. Input sanitization is present in `optionns.sh` for user-provided arguments, mitigating shell injection risks. The local storage of keypairs with `600` permissions is appropriate, and the use of `solders` for structured transaction signing is robust. The primary concern is the trust placed in the external API for transaction logic, which represents a vulnerability if the API is compromised, rather than intentional malice from the skill itself.
能力评估
Purpose & Capability
Name/description (autonomous micro-betting on Solana devnet) match the code and instructions. The skill legitimately needs API access, wallet key material, and the solders/httpx Python libs for signing and HTTP calls; no unrelated credentials or system services are requested.
Instruction Scope
SKILL.md and the CLI/scripts instruct the agent to register, call the Optionns API, request faucet funds, create/store a local keypair at ~/.config/optionns/, and sign/submit transactions locally. These steps are expected for the stated purpose but grant the skill permission to generate and persist a keypair and an API credential and to communicate with the remote API — the README explicitly warns to use devnet-only throwaway keys.
Install Mechanism
No packaged install from third-party URLs; code is included in the skill bundle and Python dependencies are installed via pip from PyPI (requirements.txt lists solders and httpx). Pip installs are typical here but carry the usual supply-chain risk of PyPI packages.
Credentials
No required environment variables; optional vars (OPTIONNS_API_KEY, OPTIONNS_API_URL, SOLANA_RPC_URL, SOLANA_PRIVATE_KEY, SOLANA_PUBKEY/ATA) are proportional to a trading/signing client. The skill persists an API key and keypair locally and will send wallet_address to the remote API on register — behavior needed for operation but worth attention because it transmits identifying/auth data to an unverified endpoint.
Persistence & Privilege
The skill writes config and keypair files under ~/.config/optionns/ (600 perms) and logs positions locally. It does not demand 'always:true' or elevated system privileges; self-registration and autonomous operation are part of the product design but increase blast radius if the remote API or code is malicious.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install sports
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /sports 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.24
- Removed the `_meta.json` file. - No changes to features or code functionality.
v1.0.23
Fix auto mode: optionns.sh now calls strategy.py with positional 'auto' command instead of deprecated --mode flag.
v1.0.22
- Added installation permission note for scripts, helping users resolve "Permission denied" errors by restoring executable permissions or using explicit bash invocation. - No changes to functionality or dependencies. - Documentation now includes clearer instructions for running commands if install permissions are not set.
v1.0.21
- Added Devnet RPC URL validation
v1.0.20
- No code changes or feature updates in this release. - Documentation in SKILL.md has been reformatted with minor corrections, but core content and instructions remain the same. - Existing security warnings, usage instructions, and troubleshooting tips are unchanged.
v1.0.19
- Removed example trading agent file: examples/trading_agent.py. - No user-facing features were changed. - Internal codebase cleanup only; functionality is unchanged.
v1.0.18
- Updated security documentation: user is now solely responsible for ensuring RPC endpoints are set to Solana devnet; the skill will sign transactions for any provided RPC URL (Helius is recommended). - Clarified security model details for transaction signing and Solana network usage. - Other documentation edits for accuracy and improved safety guidance; no functional or code changes.
v1.0.17
- Security: Added input validation for league, amount, shares, and sport parameters in deposit, withdraw, and autonomous shell commands.
v1.0.16
- Enhanced the SKILL.md documentation with a new dedicated "Security Model" section. - Clarified self-custody model: transactions are always signed client-side, keypairs never leave local storage, and mainnet transactions are explicitly refused by the signer. - Expanded security warnings and usage restrictions around devnet vs. mainnet to help prevent accidental misuse of mainnet wallets or real funds. - Reorganized and improved documentation for improved clarity, especially around file storage and transaction signing guarantees. - No code changes; documentation and security explanation updates only.
v1.0.15
- Added a new section recommending Helius RPC for reliable Solana Devnet transactions, including setup instructions for obtaining a free API key. - Clarified troubleshooting guidance about blockhash staleness and the need for a dedicated Solana RPC. - Updated terminology from "cmUSDC" to "optnUSDC" where relevant in setup instructions. - No code or file changes; documentation improvements only.
v1.0.14
- Improved trading functionality - Removed the `scripts/moltbook_poster.py`.
v1.0.13
- VT & OC Scanner fixes - No user-facing changes in this version.
v1.0.12
- Added official homepage link to documentation header. - No code or functional changes. Documentation update only.
v1.0.11
- Dynamic sports detection. - Snart intelligence added to moltbook_poster.py to prevent unnecessary account suspension.
v1.0.10
- Fixing VT & OC vulnerability scans
v1.0.9
- No user-facing changes in this release.
v1.0.8
- Security fixes - Documentation added for clearer instructions between new & returning user setup.
v1.0.7
- Bug fix on line 553 in the scripts/optionns.sh
v1.0.6
v1.0.6 - Removed legacy path from signer.py - `stdin` is now the only secure standard instruction path
v1.0.5
-v1.0.5: Vulnerability Fixes - Added new dependencies on `solana-keygen` (≥1.14) and `spl-token` (≥3.0) system binaries for keypair and token account management. - Updated requirements table to document `solana-keygen` for wallet creation during registration. - Updated requirements table to include `spl-token` for token account creation (ATA). - No changes to functionality or user workflow.
元数据
Slug sports
版本 1.0.24
许可证
累计安装 4
当前安装数 3
历史版本数 25
常见问题

Optionns 是什么?

Autonomously monitor live sports games and execute micro-bets on one-touch barrier options with instant mockUSDC settlement on Solana Devnet. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1083 次。

如何安装 Optionns?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install sports」即可一键安装,无需额外配置。

Optionns 是免费的吗?

是的,Optionns 完全免费(开源免费),可自由下载、安装和使用。

Optionns 支持哪些平台?

Optionns 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Optionns?

由 gigabit-eth(@gigabit-eth)开发并维护,当前版本 v1.0.24。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论