ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Odds Movement Monitor 赔率异动监控

v2026.4.15-100

专业级体育赛事赔率异动监控系统 - 实时追踪亚盘、欧赔、大小球变化。 智能识别机构操盘意图,捕捉变盘信号,辅助投注决策。 已接入 SkillPay 付费系统。

0· 1.8k·0 current·0 all-time
by@shenmeng

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for shenmeng/shenmeng-odds-movement-monitor.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Odds Movement Monitor 赔率异动监控" (shenmeng/shenmeng-odds-movement-monitor) from ClawHub.
Skill page: https://clawhub.ai/shenmeng/shenmeng-odds-movement-monitor
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install shenmeng-odds-movement-monitor

ClawHub CLI

Package manager switcher

npx clawhub@latest install shenmeng-odds-movement-monitor
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements an odds-monitoring system that matches the name/description (fetching odds, detecting changes, saving to SQLite). Payment integration with SkillPay is consistent with the 'paid' description. However metadata and runtime disagree about required credentials: registry metadata lists no required env vars, _meta.json declares SKILLPAY_API_KEY and SKILLPAY_USER_ID required, monitor.py expects ODDS_API_KEY (recommended in README/demo). This mismatch is incoherent and should be clarified.
!
Instruction Scope
SKILL.md and README focus on monitoring and demo usage and mention exporting ODDS_API_KEY in the demo, which is within purpose. But runtime code accesses environment variables (SKILLPAY_USER_ID, ODDS_API_KEY), performs network calls to third parties (api.the-odds-api.com and skillpay.me), and writes a local SQLite DB (odds_data.db). The SKILL.md does not fully document the payment flow or that a billing API key is embedded in code. The skill therefore reads/transmits data (user_id, billing requests) beyond what the SKILL.md explains.
Install Mechanism
There is no install spec (instruction-only at registry level) and only Python source files + requirements.txt. That is lower risk than arbitrary download/install scripts. The package requires network-accessible Python packages (aiohttp/requests) listed in requirements.txt which is normal for this functionality.
!
Credentials
The code expects and uses these environment/config values: ODDS_API_KEY (monitor.py), SKILLPAY_USER_ID (payment.verify_payment). _meta.json also declares SKILLPAY_API_KEY required, but payment.py does NOT read SKILLPAY_API_KEY from environment — instead it contains a long hard-coded BILLING_API_KEY secret and uses it to call skillpay.me. Hard-coding an API key in the repo is disproportionate and risky (it may allow the skill author or anyone with the repo to control billing behavior). The registry-level 'required env vars: none' is inconsistent with the code.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes a local SQLite DB (odds_data.db) and will make outbound network calls. Autonomous invocation is allowed by default (expected). The combination of autonomous invocation + embedded billing key increases blast radius (the skill can attempt billing/network ops when invoked).
What to consider before installing
This skill implements the stated odds-monitoring functionality but contains mismatches and a significant red flag: payment.py embeds a long BILLING_API_KEY secret and interacts with skillpay.me to charge users. Before installing or running it, ask the author to: (1) explain who owns the embedded billing key and why it is hard-coded (it should not be in source); (2) update metadata to declare which env vars are actually required (ODDS_API_KEY, SKILLPAY_USER_ID and/or SKILLPAY_API_KEY); (3) remove the hard-coded key and require a user-supplied billing API key or use a server-side billing proxy; (4) document exactly what data is sent to skillpay.me and when charging occurs. If you cannot verify the billing key's provenance, do not run this skill with real credentials or in an environment with sensitive data — run it in an isolated sandbox, inspect/modify the code to remove the hard-coded key, and rotate any exposed keys. Also be aware the skill performs outbound network calls to api.the-odds-api.com and skillpay.me and will create a local SQLite database (odds_data.db); consider legal/privacy implications of using a betting-related skill in your jurisdiction.

Like a lobster shell, security has layers — review code before you run it.

latestvk97373mmv222hhkxg2jah4vxbs84xq74
1.8kdownloads
0stars
615versions
Updated 1w ago
v2026.4.15-100
MIT-0
@shenmeng
latest
Download

📊 Odds Movement Monitor v2026

🏆 Batch 3 Release | 2026年4月更新版

专业级体育赛事赔率异动监控系统

核心能力

1. 多维度赔率监控

  • 亚盘追踪 - 实时监控让球盘变化,捕捉变盘信号
  • 欧赔分析 - 追踪胜平负赔率变动,识别机构态度
  • 大小球监控 - 监测大小球盘口和水位变化

2. 智能异动识别

  • 盘口变盘 - 盘口升降超过0.25球的显著变动
  • 水位异动 - 赔率水位突然大幅调整
  • 逆向操作 - 与市场预期相反的赔率调整

3. 全面赛事覆盖

  • 五大联赛 - 英超、西甲、德甲、意甲、法甲
  • 国际赛事 - 欧冠、欧联、世界杯、欧洲杯
  • 亚洲赛事 - 中超、J联赛、K联赛、亚冠

定价

已接入 SkillPay,每次调用 0.01 USDT

Comments

Loading comments...