Decker + Polymarket

v1.1.0

Use when user asks about Polymarket prediction market via Decker. Triggers: Polymarket, 폴리마켓, 예측시장, PM 매수, PM 시장 검색, PM 카테고리, PM 이벤트, 시장 slug, YES/NO.

⭐ 0· 191·1 current·1 all-time

by@gigshow

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gigshow/decker-polymarket.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Decker + Polymarket" (gigshow/decker-polymarket) from ClawHub.
Skill page: https://clawhub.ai/gigshow/decker-polymarket
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install decker-polymarket

ClawHub CLI

Package manager switcher

npx clawhub@latest install decker-polymarket

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

Functionality (search markets, create Polymarket orders via Decker) matches the description and would legitimately require a key capable of signing transactions. However the SKILL.md references an OPENCLAW_SECRET used in Decker API calls even though the skill metadata declares no required env vars/credentials — this mismatch is unexplained.

Instruction Scope

Runtime instructions tell operators to export a MetaMask private key and place it into Decker settings, and to invoke a Decker API endpoint that embeds OPENCLAW_SECRET in a GET query string. These steps involve collecting and transmitting highly sensitive secrets and encourage insecure handling (secrets in URL), which extends beyond benign query/lookup behavior.

✓

Install Mechanism

Instruction-only skill with no install spec or downloaded code. Low installation risk because nothing is written or executed by the skill files themselves.

Credentials

Skill metadata declares no required env vars, yet SKILL.md uses DECKER_API_URL and expects OPENCLAW_SECRET to be supplied in the request. The requirement to extract a wallet private key is plausible for signing, but the skill does not document where or how secrets should be provided securely, nor does it declare the secret in the manifest — this is disproportionate and under-specified.

✓

Persistence & Privilege

always:false and no install-time persistence requested. The skill can be invoked by agents as normal, but that autonomous use combined with sensitive secret handling increases risk; the skill itself does not request elevated platform privileges.

What to consider before installing

This skill appears to implement Decker↔Polymarket trading but it has important inconsistencies and insecure guidance you should consider before installing: - The SKILL.md references OPENCLAW_SECRET (sent in a GET URL) but the skill manifest lists no required credentials — ask the author to explicitly declare required secrets and explain how they are protected. - The instructions tell users to export their MetaMask private key and put it into Decker settings. Exporting raw private keys is risky. Prefer integrations that use WalletConnect, a hosted signer with clear security controls, or hardware wallets; never paste private keys into third-party services unless you fully trust and have audited them. - Embedding secrets in a GET query string leaks them to logs and intermediaries. Request that the developer switch to POST with secrets in request body or better: use authenticated headers and avoid including secrets in URLs. - Verify Decker's trustworthiness and how it stores keys (encryption at rest, access controls, key usage audit logs). If possible, test with a separate wallet holding minimal funds first. - Ask the publisher for: (1) explicit list of required env vars/credentials in the manifest, (2) explanation of how secrets are transmitted/stored, and (3) safer usage patterns (no secret-in-URL, recommend non-export signing flows). Because of these unresolved issues, treat the skill with caution until the developer provides clarification and improves secret handling.

Like a lobster shell, security has layers — review code before you run it.

latestvk977x9q8vp3mtj3aq8c4155d75832s5y

191downloads

0stars

1versions

Updated 22h ago

v1.1.0

MIT-0

Decker + Polymarket (예측시장) 스킬

Goal

Decker를 통해 Polymarket 예측시장에서 시장 조회·YES/NO 주문 실행. 메인 decker 스킬을 확장. ClawHub polymarket-odds 흡수.

Quick Reference

사용자 말	액션	비고
"PM 시장 검색 비트코인", "폴리마켓 검색 트럼프"	시장 검색	Gamma API search
"PM 카테고리", "폴리마켓 태그"	태그/카테고리 목록	Gamma tags
"PM 이벤트 crypto", "폴리마켓 이벤트 정치"	이벤트 목록	tag_slug 선택
"PM 시장 will-bitcoin-100k", "폴리마켓 will-x"	시장 slug 상세	Gamma market by slug
"Polymarket will-x-win yes 10 매수", "PM 시장 slug yes 매수"	order-request exchange_id=polymarket	symbol=market_slug, outcome=yes/no
"Polymarket 시장 가격", "PM 확률"	Assistant API 또는 시장 조회
"PM 포지션"	Assistant API	JWT 필요

DECKER_API_URL

https://api.decker-ai.com

주문 (Polymarket)

order-request에 exchange_id=polymarket 추가:

GET {DECKER_API_URL}/api/v1/link/slack/order-request?slack_user_id={sender_id}&symbol=will-x-win&side=buy&quantity=10&exchange_id=polymarket&outcome=yes&openclaw_secret={OPENCLAW_SECRET}

exchange_id=polymarket 필수
symbol: Polymarket 시장 slug (예: will-joe-biden-get-coronavirus-before-the-election)
outcome: yes | no (YES/NO 토큰)
quantity: 주식 수 (shares)
price: Limit 주문 시 0.01~0.99 (선택)

전제 조건

Decker 가입 + Slack 연동
Polymarket 키 연동 (Decker 설정 → 거래소 API 설정)
시장 slug는 Polymarket에서 확인

Polymarket 키 설정 (에이전트 안내용)

Polygon 지갑: MetaMask에서 Polygon 네트워크(Chain ID 137) 추가
Polymarket 가입: https://polymarket.com → 지갑 연결 → USDC.e 입금(거래용)
개인키 추출: MetaMask → 계정 세부정보 → Export Private Key
Decker 설정: 로그인 → 설정 → 거래소 API 설정 → Polymarket
- Secret Key: Polygon 지갑 개인키(0x로 시작) — 필수
거래소 선택: exchange_preference를 "Polymarket"로 설정 후 저장
주문: "Polymarket 시장-slug yes 10 매수" (slug는 polymarket.com에서 확인)