ClawHub

PredictMe - AI Trading Agent

v1.2.0

Trade 10-second crypto prediction markets on PredictMe

6· 3.8k·25 current·25 all-time
by@howardpen9
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (10s crypto prediction markets) match the included SKILL.md, agent-card.json, agents.json and endpoints (api.predictme.me). Required resources are minimal (no env vars or binaries). Asking for an agent API key and local credential storage is proportionate for a trading agent.
Instruction Scope
Runtime instructions focus on registration, polling /odds, placing /bet requests, maintaining a nonce, and storing credentials/preferences locally. There is no directive to read unrelated system files or to exfiltrate data to unexpected endpoints; external endpoints are limited to app.predictme.me, api.predictme.me and a Telegram group link.
Install Mechanism
No install spec; only a service-worker file (sw.js) and static assets are included. The service worker is a benign caching worker (caches static assets) and does not download or execute remote arbitrary code during install.
Credentials
The skill requests no environment variables or system config paths. It instructs saving a one-time API key to a local credentials file (~/.predictme/credentials.json or project-local), which is expected for an API-backed agent. No unrelated secrets or multiple credentials are requested.
Persistence & Privilege
The skill is not marked always:true and uses normal autonomous invocation (disable-model-invocation: false). It instructs the agent to persist its own API key and preferences locally; this is expected but gives the skill the ability to act later using stored credentials. Consider whether you want the agent to act autonomously with that key.
Assessment
This package appears internally consistent with a PredictMe trading agent, but before installing: 1) Confirm you trust https://api.predictme.me and https://app.predictme.me (the skill's network calls use those hosts and a Telegram link). 2) Understand the API key is shown once after admin approval and the agent is instructed to save it locally (~/.predictme/credentials.json or project-local) — protect that file and .gitignore it. 3) The agent can act autonomously with its saved key (default platform behavior); if you want manual control, enable a require-approval preference or disallow autonomous invocation. 4) This skill uses TEST/BONUS balances only (non-withdrawable per docs) — don’t provide real funds. 5) If you have limited trust in the remote service, avoid giving it persistent storage or revoke the agent key after use. If you want, I can list exact lines in SKILL.md that create/handle the credential file and the endpoints the skill will call.

Like a lobster shell, security has layers — review code before you run it.

latestvk971bt53956cwzrapbggkebk7d80nmfm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis

Comments