Polymarket Copytrading
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: polymarket-copytrading
Version: 1.10.2

The skill facilitates Polymarket copytrading by mirroring 'whale' wallets via the Simmer SDK. While the code in `copytrading_trader.py` and `scripts/status.py` appears functionally aligned with its stated purpose, it requires the AI agent to solicit and store a `WALLET_PRIVATE_KEY` in the environment, which is a high-risk capability. The instructions in `SKILL.md` explicitly guide the agent to handle these sensitive credentials and interact with the `api.simmer.markets` endpoint, creating a significant attack surface for credential theft if the agent is compromised. Additionally, the metadata and documentation contain unusual future-dated references (April 2026) which, while not explicitly malicious, are atypical for production code.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe the tool only buys or only dry-runs, while live mode may also sell positions depending on the actual argument defaults.
The skill can perform live financial trades, and the artifact gives conflicting guidance about whether it will sell positions by default. That ambiguity matters because selling or rebalancing Polymarket positions can directly affect user funds.
By default, runs in "buy only" mode - only buys to match whale positions, never sells existing positions.
Exit handling:
- Whale exit detection is ON by default (sell when whales exit)
- --no-whale-exits: Disable whale exit detection (buy-only, never sell)
Before live use, verify the exact flags and defaults, start with dry-run and very small limits, and require explicit user confirmation for live, rebalance, and whale-exit selling behavior.
Anyone or anything that can access the private key may be able to sign trades for the wallet.
A wallet private key is expected for self-custody trading, but it grants high-impact authority over funds and should be handled with strict care.
Ask for wallet private key (required for live trading on Polymarket)
- This is the private key for their Polymarket wallet (the wallet that holds USDC)
- Store in environment as `WALLET_PRIVATE_KEY`
- The SDK uses this to sign orders client-side automatically
Use a dedicated low-balance trading wallet, store secrets securely, avoid pasting private keys into chat where possible, and remove the key when not actively needed.
A future package update could change trading behavior or credential handling compared with the reviewed artifact.
The external SDK dependency is not pinned to an exact version. This is common for integrations, but here the dependency is central to account access and trade execution.
simmer-sdk>=0.11.1
packaging>=20
Prefer a pinned and reviewed SDK version for live trading, and review dependency changes before upgrading.
Once started, the reactor workflow may keep watching signals and attempting trades until stopped or limited by configuration.
Reactor mode is designed to poll continuously and keep some server-side reaction state. This appears purpose-aligned, but users should understand it can continue acting after startup.
REACTOR_POLL_INTERVAL_SECONDS = float(os.environ.get("REACTOR_POLL_INTERVAL_SECONDS", "2"))
# Circuit breaker: if the last N reactor_reactions are all 'failed', pause
# processing ... The circuit
# state lives server-side in reactor_reactions, so it survives harness
# restarts

Only run reactor mode intentionally, monitor it while active, set conservative limits, and know how to stop the automaton or revoke credentials.
