Skill v1.3.2

ClawScan security

Polymarket Elon Tweets · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 24, 2026, 10:07 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's functionality (automated trading of Polymarket tweet-count markets) is coherent with its code, but there are metadata and configuration inconsistencies and several user-risk points (private key usage, mismatched env names, and an explicit "--no-safeguards" option) that warrant caution before installing or running live.
Guidance
This skill appears to implement the trading strategy it advertises, but several inconsistencies and sensitive operations mean you should proceed carefully. Before installing or running live:

- Verify required credentials: SIMMER_API_KEY is required (primary); only provide WALLET_PRIVATE_KEY if you understand the risk of giving a private key to client software. Prefer using a managed wallet if offered.
- Do not trust the top-line registry summary alone — clawhub.json declares SIMMER_API_KEY as required even though the registry summary said none.
- Check and reconcile environment variable names and defaults between SKILL.md, config.json, and clawhub.json. Mismatched names can cause misconfiguration and accidental secret placement.
- Run the skill in dry-run mode (python elon_tweets.py) and use scripts/status.py to inspect what actions it would take before enabling --live or scheduling it.
- Avoid providing a full-funds, long-lived private key. If you must provide signing credentials, use a wallet with limited funds and permissions, or a dedicated signing key you can revoke.
- Review the simmer-sdk package source you're installing (pip) to ensure it is the official SDK and has no unexpected behavior.
- Be cautious with '--no-safeguards' and any automated cron scheduling until you confirm behavior in a controlled environment.

If you want higher confidence, request: (1) clarification from the publisher about required env var names and defaults, (2) the simmer-sdk package origin/version they expect, and (3) confirmation that WALLET_PRIVATE_KEY is only used locally for signing and is not transmitted.

Review Dimensions

Purpose & Capability
Note: The code and instructions implement a Polymarket trading strategy using the Simmer SDK and XTracker public API, which matches the described purpose. Requesting a SIMMER_API_KEY and (optionally) a WALLET_PRIVATE_KEY is expected for a trading skill. However, the top-level summary in the registry said "Required env vars: none" while clawhub.json clearly declares SIMMER_API_KEY as required — that's an incoherent metadata mismatch that could mislead users about required credentials.
Instruction Scope
Note: Runtime instructions and scripts call only the expected external services (XTracker public API at xtracker.polymarket.com and Simmer at api.simmer.markets) and perform trading, portfolio queries, and local state writes. The skill auto-imports markets via the Simmer SDK (expected for an automated importer). Concerning items: SKILL.md and the CLI expose a '--no-safeguards' flag that disables protections, and the code reads an undocumented environment variable (AUTOMATON_MAX_BET) — these expand runtime discretion and should be used with caution. The skill writes local state (state/failed_trades.json) under its directory.
Install Mechanism
Note: There is no archive download or arbitrary remote installer. The skill depends on the pip package simmer-sdk (declared in clawhub.json and required by code). The registry shows no explicit install script, but installing the pip dependency is the expected mechanism. This is moderate risk but normal for a Python skill; ensure you install simmer-sdk from the official source (PyPI or the vendor) and review that package before installation.
Credentials
Concern: Requesting SIMMER_API_KEY (primaryEnv) is proportional to the trading purpose. Requesting WALLET_PRIVATE_KEY is also explainable for client-side signing of trades, but it's highly sensitive — the SKILL.md and clawhub.json are inconsistent about whether env variables are required, and several env variable names/keys differ across SKILL.md, config.json, and clawhub.json (e.g., SIMMER_ELON_MAX_BUCKET_SUM vs SIMMER_ELON_MAX_POSITION_USD vs SIMMER_ELON_MAX_POSITION). There are also mismatched defaults between config.json and clawhub.json tunables. These inconsistencies increase the risk of misconfiguration and accidental secret exposure. The code also reads an undocumented AUTOMATON_MAX_BET env var.
Persistence & Privilege
OK: The skill does not request 'always: true' and is user-invocable only. It writes state files within its own directory (failed_trades.json) and does not modify other skills or global agent configuration. Autonomous invocation (model invocation not disabled) is the platform default; combined with the ability to trade, it increases the blast radius if misused, but the skill itself does not request elevated persistent privileges.