Predictclaw Publish Docs 20260320

Security checks across malware telemetry and agentic risk

Overview

Review recommended: the skill appears purpose-aligned, but it can use private wallet keys to place trades or withdraw funds, and those high-impact permissions are not fully surfaced through metadata or approval boundaries.

Install only if you intend to let OpenClaw interact with Predict.fun trading and wallet workflows. Start in read-only or test-fixture mode, use a dedicated low-balance wallet for testing, verify every private key and API key placed in .env, and require your own confirmation before any real buy or withdrawal. For vault mode, separately verify the mandated MCP binary/source before use.

VirusTotal

65/65 vendors reported this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Severity: High
What this means

If an agent invokes these commands with the wrong market, amount, side, or recipient, the user could place an unwanted trade or move funds.

Why it was flagged

The documented command surface includes authenticated withdrawals and buy orders. These are purpose-aligned for a trading skill, but they are high-impact financial actions and the visible artifacts do not show an explicit confirmation gate before execution.

Skill content
uv run python scripts/predictclaw.py wallet withdraw usdt 1 0xb307... --json
uv run python scripts/predictclaw.py buy 123 YES 25 --json
Recommendation

Use read-only or test-fixture mode first, and only enable real signer modes when you can independently confirm every buy, withdrawal amount, and recipient address.

ASI03: Identity and Privilege Abuse
Severity: High
What this means

Platform permission prompts or registry metadata may not fully reflect that the skill can use keys capable of signing trading, wallet, or vault-related actions.

Why it was flagged

The skill intentionally declares only two universal environment variables in its metadata, while its documentation describes multiple high-privilege private keys and account credentials used by its operating modes.

Skill content
requires":{"bins":["uv"],"env":["PREDICT_ENV","PREDICT_WALLET_MODE"]} ... PREDICT_PRIVATE_KEY=0xYOUR_EOA_PRIVATE_KEY ... PREDICT_PRIVY_PRIVATE_KEY=0xYOUR_PRIVY_EXPORTED_KEY ... ERC_MANDATED_AUTHORITY_PRIVATE_KEY=0xYOUR_VAULT_AUTHORITY_KEY
Recommendation

Treat this as a financial-signing skill: use dedicated low-balance wallets, avoid mainnet keys until tested, and review exactly which .env variables are present before invoking wallet or trade commands.

ASI04: Agentic Supply Chain Vulnerabilities
Severity: Low
What this means

Using the wrong or untrusted MCP launcher could affect vault preparation or funding workflows.

Why it was flagged

Advanced vault workflows rely on an external MCP runtime selected by command path rather than a pinned dependency in the visible install specification.

Skill content
If your environment packages that runtime through something like an `@erc-mandated/mcp` package, point `ERC_MANDATED_MCP_COMMAND` at the launcher it installs. PredictClaw's public contract is the command path, not a hard-coded package manager dependency.
Recommendation

Install the mandated-vault MCP runtime only from a trusted source, pin its version where possible, and verify the command path before enabling vault modes.

ASI07: Insecure Inter-Agent Communication
Severity: Medium
What this means

Vault-related requests and context may be passed to another local runtime whose identity and permissions matter.

Why it was flagged

The skill communicates with an external MCP runtime for vault control-plane and funding-overlay workflows. This is disclosed and purpose-aligned, but it creates an additional trust boundary.

Skill content
`ERC_MANDATED_MCP_COMMAND` is the launcher command that PredictClaw uses to talk to the mandated-vault MCP runtime. ... Vault overlay orchestration ... Control-plane safety boundary
Recommendation

Only enable mandated-vault or vault-overlay mode after confirming the MCP runtime is the intended one and that its permissions match your vault policy.

ASI06: Memory and Context Poisoning
Severity: Low
What this means

Local files may reveal market positions or trading history to anyone with access to the machine or skill storage directory.

Why it was flagged

The skill stores local journal and position data. That is expected for position-tracking workflows, but the data may contain sensitive financial history.

Skill content
`PREDICT_STORAGE_DIR` | local journal and position storage |
Recommendation

Store the skill data directory in a protected location and clear or back up position journals according to your privacy needs.