Predictfunclaw
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: predictclaw Version: 0.1.34 PredictClaw is a legitimate and well-architected trading tool for the predict.fun platform. It handles sensitive information, including blockchain private keys and API tokens, but implements robust security practices such as automated secret redaction in logs and error messages (found in lib/config.py and lib/api.py). The skill utilizes an external MCP (Model Context Protocol) runtime via subprocess execution (lib/mandated_mcp_bridge.py) to manage 'mandated vaults'; while this is a high-privilege capability, it is used strictly for the stated purpose, employs safe command parsing with shlex, and requires explicit user confirmation for on-chain actions. Design documentation within the bundle specifically addresses risk reduction by avoiding automatic package installations or silent environment modifications.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with funded wallets, mistakes or unintended commands could create trades or move funds.
The skill exposes commands that can place trades and withdraw funds. This matches the stated purpose, but these actions can directly affect user assets.
PredictClaw is ... for browsing markets, checking wallet readiness, viewing funding guidance, withdrawing funds, placing buys, inspecting positions, and scanning hedge opportunities.
Use read-only or fixture mode unless you intentionally want trading. Review market IDs, amounts, addresses, and any confirmation prompts before allowing buy, withdrawal, or vault actions.
Supplying these keys can authorize real account access, trades, vault actions, or fund movement depending on the selected mode.
The skill can use API credentials and private keys for trading, Predict Account, and vault control flows. These credentials are expected for the purpose, but they grant high-impact authority.
Required env vars: ... PREDICT_API_KEY, PREDICT_EOA_PRIVATE_KEY, PREDICT_ACCOUNT_ADDRESS, PREDICT_PRIVY_PRIVATE_KEY, ... ERC_MANDATED_AUTHORITY_PRIVATE_KEY, ERC_MANDATED_EXECUTOR_PRIVATE_KEY, ERC_MANDATED_BOOTSTRAP_PRIVATE_KEY ...
Provide only the keys needed for your chosen mode, prefer least-privilege and low-balance wallets, and avoid entering advanced vault keys unless the specific workflow requires them.
A compromised or unexpected MCP package version could affect vault-related operations.
Vault workflows depend on an external npm package/runtime. This is disclosed and purpose-aligned, but it adds a separate dependency trust boundary.
[1] node | package: @erc-mandated/mcp | creates binaries: erc-mandated-mcp
Install the MCP runtime only from trusted package sources, consider pinning versions where possible, and update deliberately.
Vault setup or control-plane requests may pass through the external MCP runtime, so that runtime must be trusted.
Vault-mode operations are routed through an external MCP subprocess. The docs disclose this boundary and say it should fail closed, but users should understand that vault actions depend on another local runtime.
The bridge starts an external subprocess from `ERC_MANDATED_MCP_COMMAND` rather than embedding the MCP runtime into the skill process.
Use a known-good MCP command, verify its source, and do not proceed with vault mode if the MCP health check or provenance is unclear.
Information used for hedge analysis may leave the local environment if the OpenRouter-backed feature is enabled.
Optional hedge analysis uses an external model-provider credential. The artifact does not show exfiltration, but enabling this feature likely involves sending hedge-analysis prompts or market context to a provider.
`OPENROUTER_API_KEY` only matters for non-fixture `hedge scan` / `hedge analyze` usage.
Enable model-based hedge analysis only if you are comfortable with the provider boundary, and avoid including secrets or private wallet material in hedge prompts.
If an assistant blindly follows this documentation text, it could switch workflows unexpectedly while reviewing or editing the project.
A development plan contains agent-directed instructions. It does not appear to be part of the runtime SKILL.md flow, but agents should treat it as documentation, not as an instruction to override the user's task.
> **For Claude:** REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task.
Keep development-only agent instructions out of packaged user-facing artifacts where possible, or clearly mark them as inert documentation.