Polymarket Arbitrage Pro
v7.1.5
Polymarket prediction-market arbitrage tool. Automatically detects and executes arbitrage trades; each call is billed automatically.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's stated purpose (Polymarket arbitrage + automatic trading) legitimately requires a Polygon private key and a billing key; the SKILL.md and code both request POLYMARKET_PRIVATE_KEY and SKILLPAY_KEY. However the registry metadata above lists 'Required env vars: none' while the SKILL.md and code require two secrets — this mismatch is an incoherence that should be explained by the publisher.
Instruction Scope
Runtime instructions and the CLI code ask you to export your raw wallet private key (used to sign on‑chain orders) and the SKILLPAY_KEY, and then the tool will sign and submit real orders to Polymarket endpoints and call a third‑party billing API (https://skillpay.me). The instructions explicitly guide exporting private keys and running the CLI; nothing else in the docs or code claims to read system files, but requesting raw private keys is high risk and should be minimized or explained (use of delegated/derived api keys, hardware signers, or limited-scope signing would be preferable).
Install Mechanism
No external download/install script is present; this package is a Node CLI with package.json listing node-fetch and ethers. There is no install spec that pulls arbitrary third‑party archives. That said, the code attempts to require '@polymarket/clob-client' at runtime but that dependency is not in package.json — the code handles its absence and falls back to direct API calls.
Credentials
The requested env vars (POLYMARKET_PRIVATE_KEY, SKILLPAY_KEY) are relevant to the stated functionality, but they are high‑privilege secrets: the private key fully controls on‑chain funds. The registry metadata claiming no required env vars contradicts the SKILL.md and code. The SkillPay key is sent to a third‑party billing endpoint (skillpay.me) — that may be expected for billing, but it means a second external party will receive your wallet address plus your SKILLPAY_KEY. The tool does not appear to transmit your private key to external servers, but it will sign messages locally and send signatures to the CLOB API (normal for order submission).
Persistence & Privilege
The skill is not force-included (always: false) and does not request system‑wide configuration changes. It is a user-invocable CLI and will run only when invoked; it uses no special platform privileges.
What to consider before installing
Key points before installing:
- This tool requires your raw Polygon private key. Supplying that gives full control of any funds in that wallet. Avoid using your main wallet; if you must test, use a fresh wallet funded with minimal test funds only.
- The billing key (SKILLPAY_KEY) is sent to a third‑party service (skillpay.me) for balance/charging. Confirm you trust that service and never reuse a high‑privilege key there.
- Registry metadata claims no env vars but the code and SKILL.md require two secrets — ask the publisher why metadata and docs disagree.
- The code attempts to use an optional '@polymarket/clob-client' SDK (not listed in package.json) and falls back to direct HTTP order posting. That fallback posts signatures and wallet address to Polymarket CLOB endpoints (expected for order placement). Review the exact network endpoints (https://gamma-api.polymarket.com, https://clob.polymarket.com, https://skillpay.me) and confirm they are legitimate.
- There are minor version mismatches across files and a suspicious-looking billing request (chargeUser posts amount: 0) — could be a bug or intentional; request clarification.
- Recommended actions: (1) audit the code yourself or ask an independent auditor to do so; (2) run locally in an isolated environment with a throwaway wallet; (3) prefer a signer pattern that does not expose an exported private key (hardware wallet or delegated API key) if possible; (4) do not install or run until the registry metadata mismatch is resolved and the publisher explains the billing flow and data sent to skillpay.me.

Like a lobster shell, security has layers — review code before you run it.
latest
💰 Polymarket Arbitrage Pro v7.1.1
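Prediction-market arbitrage | Automated trading | Profit sharing
🔥 Product Overview
Polymarket is the world's largest prediction market, built on the Polygon blockchain, with daily trading volume in the millions of dollars. Users can bet on future events, such as:
- "Trump win the 2020 election?" → volume $10,802,601
- "Jesus Christ return before GTA VI?" → volume $9,747,238
- "Russia-Ukraine Ceasefire before GTA VI?" → volume $1,351,088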
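💡 How Arbitrage Works
What is arbitrage?
Every question in a prediction market has two outcomes: Yes and No. In theory, Yes price + No price = 100%.
However, because of market liquidity and information asymmetry, actual prices often deviate:
Example:
- Yes price: 0.45 (45%)
- No price: 0.60 (60%)
- Total: 105% → a 5% arbitrage margin exists!
Arbitrage steps:
1. Buy Yes ($0.45) + buy No ($0.60)
2. Whatever the outcome, a 5% profit is guaranteed
Advantages of arbitrage
✅ Risk-free profit - as long as prices deviate from 100%, a profit is certain
✅ Market volatility - prices swing widely before major events, creating many opportunities
✅ Automated execution - 24/7 monitoring that captures opportunities automatically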
📊 Supporting Data
Polymarket market data
| Metric | Value |
|---|---|
| Daily active users | 50,000+ |
| Daily trading volume | $10,000,000+ |
| Number of markets | 1,000+ |
| Blockchain | Polygon (low gas fees) |
Recent popular markets
| Market | Volume | Liquidity |
|---|---|---|
| Jesus Christ return before GTA VI? | $9,747,238 | $710,409 |
| Russia-Ukraine Ceasefire before GTA VI? | $1,351,088 | $37,425 |
| New Rihanna Album before GTA VI? | $643,898 | $29,144 |
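⚙️ Features
✅ Smart arbitrage detection - monitors market prices in real time and automatically identifies opportunities where prices deviate from 100%
✅ Automatic trade execution - places orders automatically once an opportunity is detected, with no manual action needed
✅ 24/7 continuous operation - never rests, capturing market opportunities in real time
✅ Automatic balance deduction - each call automatically deducts 1 token (about $0.001)
✅ Top-up reminder - automatically generates a top-up link when the balance is insufficient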
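🚀 Installation and Configuration
1. Requirements
- Node.js 14+
- Polygon wallet (private key exported from MetaMask or OKX Wallet)
- USDC.e (trading funds) + POL (gas fees)
2. Obtain your Polygon private key
Export from MetaMask:
- Click the account avatar → Account details
- Click "Export private key"
- Enter your password and copy the key (without the 0x prefix)
Export from OKX Wallet:
- Me → Security management → Export private key
- Select the Polygon network
3. Configure environment variables
```bash
# Polygon wallet private key, without the 0x prefix (used to sign transactions)
export POLYMARKET_PRIVATE_KEY="你的私钥(不带0x)"
# SkillPay billing key (used for automatic charging)
export SKILLPAY_KEY="你的SkillPay密钥"
```
4. Run commands
```bash
arbitrage scan     # Scan for market opportunities
arbitrage start    # Start continuous monitoring
arbitrage balance  # Show the wallet balance
```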
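💰 Pricing
- Per call: 1 token (about $0.001)
- Top-up: minimum 5 USDT (= 5000 tokens, good for 5000 calls)
- Balance check: a top-up link is shown automatically when the balance is insufficient
⚠️ Risk Notice
- Cryptocurrency trading carries risk; test with small amounts first
- Arbitrage opportunities are fleeting; a stable network connection is required
- Orders may not fill immediately when market liquidity is insufficient
- Smart contracts carry a very small probability of technical risk
- You bear your own profits and losses
📞 Support
- Issue feedback: please submit an Issue
- Technical support: contact via Telegram
Version: 7.1.1
Author: BOB-Z-PRO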
