2 Commits

Author SHA1 Message Date
shoko
5bfec66a34 docs(polymarket-browse): remove Changelog and Credits from SKILL.md
Changelog tracked via git tags instead.
2026-03-27 02:47:09 +00:00
shoko
0902bfafaa docs(polymarket-browse): remove SECURITY.md - overhead for users/agents
Security findings tracked in GitHub issues instead.
2026-03-27 02:44:05 +00:00
2 changed files with 0 additions and 57 deletions


@@ -1,25 +0,0 @@
# Security Policy
## Security Audit (2026-03-25)
This document tracks security issues found during the 2026-03-25 audit.
## Fixed Issues
| Issue | Severity | Fixed Date | Fix |
|-------|----------|------------|-----|
| Telegram bot token in process command line | CRITICAL | 2026-03-25 | Switched to Python urlopen from curl subprocess |
| HTML injection in Telegram messages | HIGH | 2026-03-25 | Added escape_html() function |
| Insufficient --search URL encoding | MEDIUM | 2026-03-26 | Use urllib.parse.quote() |
| --detail bounds not validated | MEDIUM | 2026-03-26 | Error on out of range |
| No response size limits | MEDIUM | 2026-03-26 | MAX_RESPONSE_SIZE check |
| Bare except: clauses | LOW | 2026-03-26 | Catch specific exceptions |
| No API rate limiting | LOW | 2026-03-26 | TokenBucket rate limiter |
## Open Issues
All security issues from this audit have been addressed in subsequent releases.
## Reporting Security Issues
If you find a security vulnerability, please report it by opening an issue.
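Review bot: The removed "## Reporting Security Issues" section at the end of this file told users how to report a vulnerability, and the change puts nothing in its place (the summary shows 0 additions). Consider keeping a minimal SECURITY.md with that section, or moving its one sentence into SKILL.md. The "Fixed Issues" table is also a record of severity, fix date and fix for each audit finding, including the CRITICAL "Telegram bot token in process command line" row. If GitHub issues are to replace it, as the commit message says, reference the corresponding issue numbers in the commit message so the audit trail can still be followed from the history.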


@@ -250,35 +250,3 @@ polymarket-browse --max-total 20
polymarket-browse --timezone UTC+8
polymarket-browse --timezone UTC-5
```
## Changelog
### v0.0.3 (Current)
- Added `--starts-before` filter for filtering match events by start time
- Added `--timezone` argument for display timezone configuration (default: UTC+7)
- Added TokenBucket rate limiter (10 calls/sec) to prevent API overload
- Added dynamic response size limits to prevent memory exhaustion
- Added proper URL encoding for special characters in --search
- Replaced bare `except:` with specific exception handling
- Improved `--detail` argument validation with error on out-of-range
- Added Troubleshooting, Examples sections to documentation
- Created SECURITY.md for audit tracking
### v0.0.2
- Added `--matches-only` and `--non-matches-only` filters
- Added `--max-total` for limiting fetch size
- Added Telegram support with `--telegram` flag
- Improved BO2 tie detection
### v0.0.1
- Initial release
- Basic Polymarket browsing by category
- Match/non-match market filtering
- Moneyline odds display
## Credits
**Author:** shokollm
**Repository:** https://github.com/shokollm/jujutsu-skills
Built for Hermes Agent and OpenClaw.
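Review bot: The removed v0.0.3 entries are mostly security-relevant changes (the TokenBucket rate limiter, response size limits, URL encoding for --search, specific exception handling, --detail validation), so dropping "## Changelog" leaves SKILL.md with no statement of which version contains them. The commit message says the changelog is tracked via git tags. Please confirm the v0.0.3 tag annotation carries these notes, and consider leaving a one-line pointer to the tags in SKILL.md. The "## Credits" removal also drops the "**Repository:**" URL, and the commit message does not say where that link now lives.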