Signalradar
v1.0.8SignalRadar — Monitor Polymarket prediction markets for probability changes and send alerts when thresholds are crossed. Use when user asks to "add a Polymar...
⭐ 2· 791·1 current·1 all-time
by@vahnxu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (monitor Polymarket markets and send alerts) matches the declared requirements and included code. Required binaries (python3, crontab) are appropriate for a Python CLI that can be scheduled. No unrelated cloud credentials or unrelated binaries are requested.
Instruction Scope
Runtime instructions focus on reading Polymarket via gamma-api.polymarket.com and delivering alerts via webhook/file/openclaw. The SKILL.md references platform-injected env vars (OPENCLAW_REPLY_CHANNEL, OPENCLAW_REPLY_TARGET) and describes persisting a reply route file (~/.signalradar/cache/openclaw_reply_route.json); those platform envs are not listed as required in metadata (they are platform-injected, but the mismatch is worth noting). The skill will call external webhooks (user-supplied targets) to deliver alerts; that is expected but means data will be transmitted to arbitrary endpoints the user configures.
Install Mechanism
No install spec (instruction-only) — the bundle contains Python scripts that will run under the existing python3 interpreter. There are no downloads from untrusted URLs in the manifest and no package installs declared. This is low-risk from an install-source perspective.
Credentials
The skill does not request secrets or service credentials. It documents optional SIGNALRADAR_* env overrides for config/data paths (reasonable). Note: webhook targets provided by the user often contain secrets/tokens (e.g., Slack/Telegram bot URLs); treat configured webhook URLs as sensitive since the skill will send event payloads to them.
Persistence & Privilege
The skill writes and persists runtime state under the user's home (~/.signalradar/), including baselines, watchlist, audit logs, digest state, and a persisted OpenClaw reply route. It also attempts to auto-enable background monitoring and prefers using system crontab — that implies the ability to add/remove a crontab entry. Those are reasonable for a scheduler/monitoring tool, but they are material privileges: crontab modification and persistent reply-route capture are actions you should explicitly consent to.
Assessment
This skill appears to be what it says: a Polymarket monitor implemented as Python scripts that run locally and can be scheduled. Before enabling: 1) Be aware it will create and write files under ~/.signalradar (watchlist, baselines, audit logs, reply-route) — review or back up that directory if needed. 2) The skill may modify your system crontab to enable periodic checks — only allow this if you approve a background job. 3) Alert delivery to webhooks means you will supply target URLs; treat those as secrets (Slack/Telegram webhooks or bot URLs contain tokens). 4) The skill documents relying on OpenClaw-injected env vars (OPENCLAW_REPLY_CHANNEL/TARGET) and will persist route info for background push; if you run it on the OpenClaw platform, know that route info will be stored indefinitely until overwritten. 5) If you want extra assurance, scan/inspect route_delivery.py and signalradar.py (delivery and scheduling code paths) to confirm no unexpected external endpoints or behaviors. If you do not want crontab changes or local persistence, run manual checks only (use run/show commands) rather than enabling scheduling.Like a lobster shell, security has layers — review code before you run it.
betavk97dgvh3fxahv4rmfmemtegpw1824wjvlatestvk97dht027cwv5nqczp0xmfgazx831cf5monitoringvk9709tf39264qsm6vhgsbdft4h82jr91polymarketvk9709tf39264qsm6vhgsbdft4h82jr91prediction-marketsvk9709tf39264qsm6vhgsbdft4h82jr91
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📡 Clawdis
Binspython3, crontab