PolyEdge - Polymarket Correlation Analyzer
v0.1.1Detect mispriced correlations between Polymarket prediction markets. Cross-market arbitrage finder for AI agents.
⭐ 4· 3.2k·6 current·6 all-time
by@sbaker5
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code implements the claimed functionality (fetch Polymarket markets, analyze correlations, surface signals, and optionally expose an x402-payg HTTP API). However the registry metadata / SKILL.md declare no required environment variables while the code expects and uses several environment variables (PAYMENT_WALLET, PRICE_USDC, BASESCAN_API_KEY, BASE_RPC, REQUIRE_PAYMENT via env). Payment-related configuration is consistent with the advertised pay-per-query API, but the lack of declared env requirements and the presence of a hardcoded PAYMENT_WALLET (an external address) is an editorial/information mismatch that users should be aware of.
Instruction Scope
Runtime instructions in SKILL.md focus on running analyzer.py and editing patterns.py; they do not instruct the agent to read local user files or secrets. The code performs only network calls to public APIs (Polymarket Gamma API, Base RPCs, BaseScan) and does not attempt to read the user's filesystem or env files beyond standard os.environ usage. The SKILL.md advertises an external pay endpoint (api.nshrt.com) which matches links and dashboard references in the code.
Install Mechanism
No install spec is provided (instruction-only / source-included). That minimizes hidden install-time risk. The repository is pure Python code that uses urllib for network I/O; nothing is downloaded at install time. If you run the docker-compose it references traefik and an external network, which is a deployment detail — but there is no remote arbitrary archive or shortener URL being pulled during install.
Credentials
The skill declares no required env vars but the code uses several environment variables and has defaults baked in. In particular PAYMENT_WALLET defaults to a specific hardcoded address (0xB8B9...), and PRICE_USDC and BASESCAN_API_KEY can be set via env. Directing payments to a default external wallet is a behavior users should treat as intentional monetization by the author; it's not a secret-exfiltration technique but it is a potentially surprising default if you deploy the API yourself without overriding PAYMENT_WALLET. There are no requests for unrelated credentials (AWS keys, github tokens, etc.), which is good.
Persistence & Privilege
The skill doesn't request permanent 'always' inclusion and doesn't modify other skills or system settings. It's a code bundle that can be run locally or hosted; it does not install agents or persist credentials into the host environment. Running the API server will accept requests and may cache verified payments in memory (VERIFIED_PAYMENTS), but that's local to the process.
What to consider before installing
High-level points to consider before installing or running this skill:
- Purpose and behavior: The code implements a Polymarket correlation analyzer and an optional paid HTTP API (x402) as described. Running analyzer.py locally to inspect two markets is low-risk aside from normal network calls to Polymarket's API.
- Default payment recipient: If you run the API server or deploy the provided docker-compose, the code's default PAYMENT_WALLET is hardcoded to an external address. Unless you explicitly set PAYMENT_WALLET to your own address via environment variables, payments will go to the author's wallet. This is not secret exfiltration but is a monetization choice you should be aware of.
- Undeclared env vars: The SKILL.md / registry metadata say “no required env vars,” but the code reads env vars (PAYMENT_WALLET, PRICE_USDC, BASESCAN_API_KEY, BASE_RPC, REQUIRE_PAYMENT). If you intend to host the service, set these deliberately and inspect defaults.
- Network behavior: The skill makes outbound requests to Polymarket (gamma-api.polymarket.com), BaseScan, and multiple public Base RPC providers. If you are in a restricted environment, be aware of these external calls. The x402 payment verification uses multiple third-party RPC endpoints as fallbacks — review those endpoints if you expect to control network endpoints.
- Audit before deploying publicly: If you plan to host the API or expose it to agents, do a quick code audit: verify the PAYMENT_WALLET is set to your address (or remove payment logic if you don't want payg behavior), confirm BASESCAN_KEY usage and rate limits, and test the payment verification logic to ensure it matches your security/financial expectations (e.g., re-check minimal amount/slippage tolerance, on-chain verification robustness).
- When to avoid: Do not give this skill any private keys or credentials. If you are not comfortable with the default payment wallet or with an external pay-to endpoint (api.nshrt.com referenced in docs), do not run the API server; instead run analyzer.py locally for one-off analyses.
If you want, I can: (1) point out the exact lines where PAYMENT_WALLET is set and used, (2) produce a minimal checklist of env vars to set before deploying, or (3) summarize how the x402 verification works step-by-step.Like a lobster shell, security has layers — review code before you run it.
basedefilatestpolymarkettradingx402
Polymarket Correlation Analyzer
Find arbitrage opportunities by detecting mispriced correlations between prediction markets.
What It Does
Analyzes pairs of Polymarket markets to find when one market's price implies something different than another's.
Example:
- Market A: "Will Fed cut rates?" = 60%
- Market B: "Will S&P rally?" = 35%
- Historical: Rate cuts → 70% chance of rally
- Signal: Market B may be underpriced
Quick Start
cd src/
python3 analyzer.py <market_a_slug> <market_b_slug>
Example:
python3 analyzer.py russia-ukraine-ceasefire-before-gta-vi-554 will-china-invades-taiwan-before-gta-vi-716
Output
{
"market_a": {
"question": "Russia-Ukraine Ceasefire before GTA VI?",
"yes_price": 0.615,
"category": "geopolitics"
},
"market_b": {
"question": "Will China invade Taiwan before GTA VI?",
"yes_price": 0.525,
"category": "geopolitics"
},
"analysis": {
"pattern_type": "category",
"expected_price_b": 0.5575,
"actual_price_b": 0.525,
"mispricing": 0.0325,
"confidence": "low"
},
"signal": {
"action": "HOLD",
"reason": "Mispricing (3.2%) below threshold"
}
}
Signal Types
| Signal | Meaning |
|---|---|
HOLD | No significant mispricing detected |
BUY_YES_B | Market B underpriced, buy YES |
BUY_NO_B | Market B overpriced, buy NO |
BUY_YES_A | Market A underpriced, buy YES |
BUY_NO_A | Market A overpriced, buy NO |
Confidence Levels
- high — Specific historical pattern found (threshold: 5%)
- medium — Moderate pattern match (threshold: 8%)
- low — Category correlation only (threshold: 12%)
Files
src/
├── analyzer.py # Main correlation analyzer
├── polymarket.py # Polymarket API client
└── patterns.py # Known correlation patterns
Adding Patterns
Edit src/patterns.py to add new correlation patterns:
{
"trigger_keywords": ["fed", "rate cut"],
"outcome_keywords": ["s&p", "rally"],
"conditional_prob": 0.70, # P(rally | rate cut)
"inverse_prob": 0.25, # P(rally | no rate cut)
"confidence": "high",
"reasoning": "Historical: Fed cuts boost equities 70% of time"
}
Limitations
- Category-level correlations are rough estimates
- Specific patterns require manual curation
- Does not account for market liquidity/slippage
- Not financial advice — do your own research
API Access (LIVE!)
x402-enabled API endpoint for pay-per-query access.
GET https://api.nshrt.com/api/v1/correlation?a=<slug>&b=<slug>
Pricing: $0.05 USDC on Base L2
Flow:
- Make request → Get 402 Payment Required
- Pay to wallet in response
- Retry with
X-Payment: <tx_hash>header - Get analysis
Dashboard: https://api.nshrt.com/dashboard
Author
Gibson (@GibsonXO on MoltBook)
Built for the agent economy. 🦞
Comments
Loading comments...