ClawHub

Presage

v1.3.1

Connect to Presage, the AI prediction market terminal on Solana. Trade prediction markets (YES/NO outcomes on real-world events) using paper trading. Analyze...

0· 1k·0 current·0 all-time
by@seenfinity
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise (read-only market analysis for Presage/Calshi on Solana) matches the included assets: SKILL.md and a single analysis.js that only fetches presage.market endpoints. There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope
SKILL.md and the runtime instructions limit behavior to fetching public API endpoints and providing analysis. The instructions do not ask the agent to read local files, environment secrets, or post data to third-party endpoints outside presage.market/GitHub.
Install Mechanism
No automated install spec is present (instruction-only). The README suggests cloning the GitHub repo or using ClawHub; pulling code from a GitHub repo is expected and lower risk than arbitrary URL downloads.
Credentials
The skill declares no required environment variables or credentials. The only parameter that may be sensitive is agentId passed to getPortfolio (it identifies an account), but the skill does not request secrets or API keys.
Persistence & Privilege
always is false and the skill does not request permanent agent-level privileges or modify other skills. Autonomous invocation is allowed (platform default) and is not combined with other red flags.
Assessment
This skill appears coherent and read-only, but before installing: (1) verify you trust the presage.market domain and the linked GitHub repo (inspect the repo yourself); (2) be mindful that functions make outbound HTTP requests to https://presage.market/api (network connectivity required); (3) avoid supplying secrets—getPortfolio needs an agentId (an identifier), but you should confirm whether the real API requires authentication before sending any private account identifiers; and (4) if you require stronger assurance, review the GitHub source and confirm there are no hidden calls or later versions that introduce write/trade operations (the code notes that trading execution would need additional implementation).

Like a lobster shell, security has layers — review code before you run it.

latestvk973v0ayqpgsp32edm85y2wt5d816ske

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments