📦 Horizon SDK — 预测交易工具
v0.5.5一站式 Polymarket、Kalshi 等预测市场 SDK,集成下单、仓位、风控、Kelly 仓位、钱包分析、Monte Carlo 与套利量化功能,助开发者快速构建量化策略。
0· 786·0 当前·0 累计
by 下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
安全
medium confidenceThe skill's claims, required credential, and install instructions are coherent for a prediction-market trading CLI; nothing obviously out of scope, but there are normal pip-install and URL/SSRF caveats you should consider.
评估建议
This skill appears to be what it says: a Horizon SDK-based CLI for prediction-market trading that requires one API key (HORIZON_API_KEY) and installs a pip package (horizon-sdk). Before installing: 1) Verify the horizon-sdk package source (PyPI project page, maintainer, and repository) — pip packages run code on install and at runtime. 2) Use a least-privilege HORIZON_API_KEY (grant only necessary permissions) and avoid sharing it. 3) Run installation and the CLI in an isolated environment (virt...详细分析 ▾
✓ 用途与能力
Name/description (prediction-market trading, orders, positions, analytics) match the code and runtime instructions. The single required env var (HORIZON_API_KEY) is appropriate for an SDK that talks to market/wallet APIs. The CLI delegates to a 'horizon' package installed via pip, which is expected.
ℹ 指令范围
SKILL.md limits actions to market discovery, orders, wallet analytics and feed management which matches the CLI. The CLI also accepts user-supplied HTTPS feed URLs; the script includes hostname and simple IP heuristics to block private hosts, but validation is syntactic and may not catch DNS-based redirects, IPv6 addresses, or DNS names resolving to private IPs. That residual SSRF risk is proportional to the feed feature but worth noting.
ℹ 安装机制
Install is via pip (formula: horizon-sdk) which is appropriate for a Python SDK. Installing a third-party pip package executes untrusted code on the host and may pull additional dependencies—this is expected but carries the usual supply-chain risk; no arbitrary URL downloads or obscure installers were specified in the skill metadata.
✓ 凭证需求
Only HORIZON_API_KEY is required and declared as primaryEnv. That single credential aligns with the skill's purpose (API access to trading/wallet services). No unrelated secrets, config paths, or extra credentials are requested.
✓ 持久化与权限
always is false and the skill does not request system-wide persistence or modify other skills. Model invocation is enabled by default (normal). No elevated platform privileges are requested.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.5.52026/2/18
- Expanded quantitative analytics: added AFML features (bars, labeling, fractional differentiation, HRP, denoising). - Added multi-strategy orchestration and alpha research tools. - Introduced tier-gated features for advanced users. - Enhanced documentation and versioning details. - Core prediction market trading, analytics, and risk management features retained.
● 可疑
安装命令
点击复制官方npx clawhub@latest install horizon-trader
镜像加速npx clawhub@latest install horizon-trader --registry https://cn.longxiaskill.com