Aiprox Market Oracle
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: aiprox-market-oracle Version: 1.0.1 The skill is a legitimate wrapper for the AIProx Market Oracle API, providing trading signals for Polymarket. It transparently requests access to the 'AIPROX_SPEND_TOKEN' environment variable and network access to 'aiprox.dev' for its stated functionality, with no evidence of malicious intent, obfuscation, or unauthorized data access in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the token is exposed or misused, it could allow someone to consume paid API credits or act under the user's AIPROX authorization.
The skill requires a spend/payment token for the AIPROX API. This is disclosed and purpose-aligned, but it is still a credential-like secret that may authorize paid usage.
| Env Read | AIPROX_SPEND_TOKEN | Authentication for paid API |
Use a dedicated, least-privilege spend token if available, keep it out of shared logs or transcripts, and rotate it if it may have been exposed.
Market slugs, task text, timeframe choices, and related analysis requests may be visible to the external provider.
The workflow sends the user's market query to an external AIPROX orchestration endpoint and backend agent. This is disclosed and central to the skill, but users should understand that their query data leaves the local environment.
AIProx routes to the market-oracle agent
Avoid submitting sensitive private trading strategy or confidential business information unless the provider's privacy and retention practices are acceptable.