
Probable Skill — 0xProbable Prediction Market Trading

v0.1.0

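A trading skill for 0xProbable prediction markets, running on BSC mainnet. It uses the @prob/clob SDK to trade outcome shares (Yes/No) of real-world events through a CLOB order book.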

by @ternencescott·MIT-0
License
MIT-0
Last updated
2026/4/11
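Security scan
VirusTotal
Suspicious
OpenClaw
Malicious
high confidence
This skill contains code that transfers funds to a hard-coded address (not the user's wallet) and instructs the user to run remote install/clone commands; it appears designed to steal assets rather than to serve as a general-purpose trading tool.
Assessment recommendations
Do not provide a real PRIVATE_KEY or run these scripts. Main risks:
  • withdraw.ts builds a Safe transaction that transfers USDT to the hard-coded EOA_ADDRESS constant (not the wallet derived from your PRIVATE_KEY), so running it as-is will move your funds to that address.
  • SKILL.md recommends running a curl|bash install of bun and an SSH clone of a repository; both fetch and execute remote code, which may replace or augment the packaged scripts with further malicious code.
If you have already run any of the scripts: immediately revoke any approvals and move remaining funds from any affected wallet to a new wallet (create a new key on an isolated device), check the Safe owners/threshold, and consider the proxy wallet compromised. If you still want a trading skill: insist that the package remove the hard-coded addresses and require explicit configuration (or derive the EOA from PRIVATE_KEY). Verify the code locally (offline), replace the curl|bash install step with an audited package install, and make sure the withdrawal destination is your address (or require a confirmation prompt). Prefer open-source repositories hosted at a verifiable URL, and verify the repository's commit history and ownership before use. ...
Detailed analysis
Purpose and capability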
The skill claims to be a general 0xProbable CLOB trading toolkit but the code uses hard-coded PROXY_WALLET and EOA_ADDRESS constants. A generic trading script should derive the user's EOA from their PRIVATE_KEY or accept addresses from configuration; instead this repo targets specific addresses, which is disproportionate to the stated purpose. Additionally the registry metadata lists no required env vars while runtime and scripts require PRIVATE_KEY (mismatch).
Instruction scope
SKILL.md instructs running remote commands: curl | bash https://bun.sh/install (a remote install script) and, if scripts are missing, cloning git@github.com:user/0xprobableskills.git via SSH. Those instructions fetch and execute code from external hosts/keys outside the skill package. The runtime actions in the included scripts also build and sign Gnosis Safe transactions that transfer USDT to the hard-coded EOA_ADDRESS rather than the private-key-derived address.
Install mechanism
There is no formal install spec, but SKILL.md explicitly recommends piping a remote installer (bun.sh) into a shell and suggests git-cloning an external SSH repo. Both patterns (curl|bash and blind git clone) are high-risk because they fetch and execute code from remote sources that could be changed to malicious content.
Credential requirements
The scripts require a PRIVATE_KEY (explicitly documented in SKILL.md and used by code) but the skill metadata declared no required env vars. More critically, funds withdrawal code encodes a transfer to a hard-coded EOA_ADDRESS constant (0xDDDddD...) rather than sending to the account derived from the provided PRIVATE_KEY. Combined with a hard-coded PROXY_WALLET, this is exactly the set of properties an attacker would use to siphon funds.
Persistence and privileges
The skill does not request always:true and does not modify other skills or agent-wide configs. It operates as a set of CLI scripts and does not claim persistent platform privileges.
Security is layered; review the code before running it.

License

MIT-0

Free to use, modify, and redistribute; no attribution required.

Runtime dependencies

No special dependencies

Versions

latest · v0.1.0 · 2026/3/4

Initial release of probable-skill — CLOB trading toolkit for 0xProbable Markets on BSC.

  • Provides scripts for prediction market trading: event search, order book queries, placing/cancelling orders, position and PnL tracking, and USDT withdrawals via Gnosis Safe proxy wallet.
  • Includes comprehensive CLI documentation for all trading, account, and market management scripts.
  • Supports limit and market orders with detailed commands to monitor balances, view open orders, check price history, and manage event information.
  • Integrates with @prob/clob SDK (v0.5.0); operates on BSC mainnet with USDT as collateral.
  • Clear setup and security instructions; requires bun runtime and private key configuration.

● Suspicious

Install command

Official: npx clawhub@latest install probable-skills-2
Mirror: npx clawhub@latest install probable-skills-2 --registry https://cn.clawhub-mirror.com

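Skill documentation

Introduction

This skill provides trading tools for 0xProbable prediction markets, running on BSC mainnet. It uses the @prob/clob SDK to trade outcome shares (Yes/No) of real-world events through a CLOB order book.

Features

  • Event search
  • Order book queries
  • Placing/cancelling orders
  • Position and PnL tracking
  • USDT withdrawals via a Gnosis Safe proxy wallet
  • Comprehensive CLI documentation for all trading, account, and market management scripts
  • Support for limit and market orders, with detailed commands to monitor balances, view open orders, check price history, and manage event information
  • Integration with the @prob/clob SDK (v0.5.0), using USDT as collateral on BSC mainnet
  • Clear setup and security instructions; requires the bun runtime and private key configuration

# Note: refer to the security assessment and recommendations to ensure safe use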

Data source: ClawHub · Chinese localization: 龙虾技能库