ClawHub

Lucky Lobster

v1.0.0

Trade prediction markets on Polymarket. Search markets, place orders, and manage positions.

1· 1.3k·1 current·1 all-time
byLuckyLobster@rachelbastian·duplicate of @rachelbastian/luckylobster
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description: trade prediction markets on Polymarket. Required artifact: a single LUCKYLOBSTER_API_KEY. No unrelated binaries, packages, or external credentials are requested — this aligns with the stated purpose.
Instruction Scope
SKILL.md contains only API usage, a device-authorization flow to obtain an API key, examples of API calls, and instructions to persist the key. It does instruct the agent to write the API key into persistent storage (OpenClaw skill config or an .env file). Reading or transmitting other system files or unrelated credentials is not requested.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is downloaded or written by an installer — lowest-risk class for install mechanism.
Credentials
Only one environment variable is required (LUCKYLOBSTER_API_KEY), which is appropriate. The instructions recommend persisting that key either in the skill's OpenClaw config or by appending to ~/.openclaw/.env or the workspace .env — storing a secret in a shared/global .env may expose it to other processes/skills and is worth caution.
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). The skill suggests saving its own API key into the OpenClaw skill entry via gateway.config.patch, which is a normal pattern for persistent credentials and does not modify other skills or system-wide settings beyond its own entry.
Assessment
This skill is internally consistent for trading on Polymarket and only asks for a single API key. Before installing: (1) verify the LuckyLobster homepage and that you trust the service; (2) prefer storing the API key in the skill's dedicated secret storage (gateway.config) rather than appending it to a global or workspace .env, because .env files can be read by other tools/skills; (3) review and limit the API key's permissions if the provider allows scoped tokens (only grant read/trade/cancel/redeem as needed); and (4) monitor activity and revoke the key if you see unexpected trades or requests.

Like a lobster shell, security has layers — review code before you run it.

latestvk9701646a8gzgyqpcs58z4wb3980ncms

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis
EnvLUCKYLOBSTER_API_KEY
Primary envLUCKYLOBSTER_API_KEY

Comments