ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Opinion Skill

v0.1.1

基于 bun 运行时的 Opinion 预测市场工具集,支持市场查询、订单簿查看及基于多签钱包的链上交易操作。

0· 398·0 current·0 all-time
bya@yuandiaodiaodiao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims an Opinion prediction‑market toolset and the scripts implement market queries and chain trades. However the registry metadata lists no required environment variables or binaries while the code and SKILL.md clearly require the bun runtime and environment variables (PRIVATE_KEY, MULTI_SIG_ADDRESS, API_KEY) for trading. That mismatch between declared requirements and actual needs is incoherent.
!
Instruction Scope
SKILL.md and the scripts stay within the described domain (market queries, caching, and trading) and explicitly avoid running trade scripts unless .env is configured. However the scripts make network calls to multiple external endpoints: an HTTPS openapi.opinion.trade host and an HTTP host (http://newopinion.predictscanapi.xyz:10001). Queries include user addresses and asset IDs (e.g., positions queries) which will be sent to those remote services. Using a non‑official/HTTP endpoint increases the risk that sensitive request context or probe activity could be observed or collected by a third party.
!
Install Mechanism
There is no formal install spec in the registry; SKILL.md instructs cloning from GitHub and running 'bun install' / using bun. It also suggests installing bun using 'curl https://bun.sh/install | bash' (a remote installer). While bun.sh is a known installer, instructing users to run a remote install script is higher risk than relying on preinstalled tooling. The package.json lists dependencies (@opinion-labs/opinion-clob-sdk, axios) so running bun install is necessary for trading scripts — this is not reflected in the registry metadata.
!
Credentials
Trading scripts legitimately require PRIVATE_KEY, MULTI_SIG_ADDRESS and API_KEY, and an RPC URL can be supplied. Those are sensitive secrets. The problem is the registry claims 'none' required; the primary credential is not declared. REQUESTING a user's private key is proportionate to performing on‑chain trades, but you must only provide such secrets to code you trust. Additionally, API requests are sent to a non‑standard HTTP host which could receive metadata about addresses/assetIds you query.
Persistence & Privilege
The skill is not always:true and does not request system‑wide configuration changes. It does create a cache under /root/opinionskills/scripts/.cache and assumes execution under /root/opinionskills, which implies root paths; that is a minor operational mismatch (it expects write access to /root). The skill can be invoked autonomously by the agent (platform default) — if you allow autonomous invocation and provide PRIVATE_KEY, the agent could perform transactions automatically. Combine that with the other concerns before granting credentials.
What to consider before installing
What to consider before installing: - The code implements exactly the described market queries and trading operations, but the registry metadata omitted important runtime requirements: you will need bun and (for trading) PRIVATE_KEY, MULTI_SIG_ADDRESS, and API_KEY. Treat these as highly sensitive. - Do not put your main wallet private key into .env on a system you do not fully trust. If you want to test, create a dedicated low‑value wallet/safe with limited funds and use that instead. - The scripts call two different external APIs: https://openapi.opinion.trade and http://newopinion.predictscanapi.xyz:10001. The latter is an HTTP (not HTTPS) host and is not obviously the official domain — this could expose query data (addresses, asset IDs) in transit and to the remote operator. Verify and prefer official HTTPS endpoints before sending sensitive queries. - The SKILL.md recommends installing bun via a remote installer (curl | bash). Prefer to install known runtime packages from trusted sources or use an isolated environment (container/VM) when running these scripts. - Because package.json lists dependencies, run 'bun install' only after you review package.json and the GitHub repo. Consider auditing @opinion-labs/opinion-clob-sdk version and the repo contents locally before providing any credentials. - Operational advice: run the code in an isolated environment (container or throwaway VM), inspect/verify the GitHub repo yourself, and use a test wallet. If you plan to allow autonomous agent actions, disable autonomous invocation or withhold PRIVATE_KEY until you are confident in the code and endpoints. If you want, I can: (1) list the exact locations in the code that read/write env vars and make external network calls, (2) fetch and show the GitHub repo README and commit history to help with provenance, or (3) suggest steps to run the scripts safely in a container and create a limited test wallet.

Like a lobster shell, security has layers — review code before you run it.

latestvk9788kawknc0y6j2cb6xn1qv5x81x73x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments