ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Polymarket Mert Sniper

v1.1.2

Near-expiry conviction trading on Polymarket. Snipe markets about to resolve when the odds are heavily skewed. Filter by topic, cap your bets, and only trade...

0· 1.8k·10 current·10 all-time
byAD88@adlai88
Security Scan
Capability signals
CryptoRequires walletRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, SKILL.md and code align: this is a Polymarket/Simmer-based expiry-sniping trading tool that discovers markets, evaluates splits and can place trades via the Simmer SDK. The required pip dependency (simmer-sdk) and API endpoints are appropriate for the stated purpose. Minor inconsistency: the top-level registry summary indicated no required env vars, but clawhub.json and the scripts require SIMMER_API_KEY (expected).
!
Instruction Scope
SKILL.md explicitly instructs the user to provide a WALLET_PRIVATE_KEY for live trading and to install simmer-sdk. The runtime instructions and scripts access Simmer API endpoints and the Polymarket CLOB endpoints only (expected). However, SKILL.md asks for the wallet private key (sensitive) while metadata/clawhub.json do not list it as a required env var — the agent instructions request a secret that isn't declared in the package manifest, increasing risk of accidental exposure or misconfiguration.
Install Mechanism
No install script is bundled; dependencies are a pip package 'simmer-sdk' declared in clawhub.json. Using a published SDK from PyPI is a typical install mechanism for a Python trading skill and is proportional to the task. There are no remote arbitrary downloads or archive extraction in the package itself.
!
Credentials
The skill legitimately requires a Simmer API key to use the SDK and to fetch portfolio/market data (SIMMER_API_KEY is declared in clawhub.json). It also asks users to supply WALLET_PRIVATE_KEY for live trading; that is functionally plausible but is a very sensitive secret (full control over funds). The manifest does not declare WALLET_PRIVATE_KEY, and the code does not directly reference that env var (it relies on the Simmer SDK to handle signing), creating an unclear trust boundary and potential for accidental exposure.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it does not attempt to alter other skills or system-wide configs. It uses automaton managed entrypoint metadata but does not request elevated platform privileges.
What to consider before installing
This skill is plausibly what it claims (an automated Polymarket sniping bot using the Simmer SDK), but exercise caution before running live. Key points: - SIMMER_API_KEY: required and expected for API access; provide only a key with the minimal necessary scope. Confirm the key comes from https://simmer.markets/dashboard and review its permissions. - WALLET_PRIVATE_KEY: SKILL.md tells you to provide this for live trades. A private key grants control of on-chain funds—only provide it if you fully trust the SDK and code. Prefer hardware wallets, delegated signing, or a wallet with limited funds. If you must use an env var, rotate the key after testing. - Metadata mismatch: the package manifest (clawhub.json) lists SIMMER_API_KEY but does not declare WALLET_PRIVATE_KEY even though the README asks for it. This inconsistency could lead to accidental disclosure or misconfiguration—ask the author to clarify and to declare all required env vars explicitly. - Audit the simmer-sdk and review the code paths that perform trades (SimmerClient.trade). The repo itself calls Simmer API endpoints and Polymarket's CLOB; no obfuscated or network-exfiltration code was found in the provided files, but external SDK behavior matters. - Test in dry-run mode extensively before using --live. Limit funds, consider creating a test account or using minimal balances, and monitor activity. If anything is unclear from the author (how the SDK signs transactions, what is transmitted, or what permissions the API key has), request clarification before trusting live execution.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bg8nvzgrh8aebcsbahqyf6984z581
1.8kdownloads
0stars
15versions
Updated 9h ago
v1.1.2
MIT-0
AD88@adlai88
latest
Download

Mert Sniper

Near-expiry conviction trading on Polymarket. Snipe markets about to resolve when the odds are heavily skewed.

Strategy by @mert — filter by topic, cap your bets, wait until near expiry, and only trade strong splits.

This is a template. The default logic (expiry + split filter) gets you started — remix it with your own filters, timing rules, or market selection criteria. The skill handles all the plumbing (market discovery, trade execution, safeguards). Your agent provides the alpha.

When to Use This Skill

Polymarket only. All trades execute on Polymarket with real USDC. Use --live for real trades, dry-run is the default.

Use this skill when the user wants to:

  • Trade markets that are about to resolve (last-minute conviction bets)
  • Filter by topic (e.g. only SOL/crypto markets)
  • Cap bet size (e.g. never more than $10)
  • Only trade when odds are strongly skewed (e.g. 60/40 or better)
  • Run an automated expiry-sniping strategy

Setup Flow

  1. Install the Simmer SDK

    pip install simmer-sdk

  2. Ask for Simmer API key

    • Get it from simmer.markets/dashboard -> SDK tab
    • Store in environment as SIMMER_API_KEY

  3. Ask for wallet private key (required for live trading)

    • This is the private key for their Polymarket wallet (the wallet that holds USDC)
    • Store in environment as WALLET_PRIVATE_KEY
    • The SDK uses this to sign orders client-side automatically — no manual signing needed

  4. Ask about settings (or confirm defaults)

    • Market filter: Which markets to scan (default: all)
    • Max bet: Maximum per trade (default $10)
    • Expiry window: How close to resolution (default 2 minutes)
    • Min split: Minimum odds skew (default 60/40)

  5. Save settings to config.json or environment variables

Configuration

SettingEnvironment VariableDefaultDescription
Market filterSIMMER_MERT_FILTER(all)Tag or keyword filter (e.g. solana, crypto)
Max betSIMMER_MERT_MAX_BET10.00Maximum USD per trade
Expiry windowSIMMER_MERT_EXPIRY_MINS2Only trade markets resolving within N minutes
Min splitSIMMER_MERT_MIN_SPLIT0.60Only trade when YES or NO >= this (e.g. 0.60 = 60/40)
Max trades/runSIMMER_MERT_MAX_TRADES5Maximum trades per scan cycle
Smart sizing %SIMMER_MERT_SIZING_PCT0.05% of balance per trade

Quick Commands

# Check account balance and positions
python scripts/status.py

# Detailed position list
python scripts/status.py --positions

API Reference:

  • Base URL: https://api.simmer.markets
  • Auth: Authorization: Bearer $SIMMER_API_KEY
  • Portfolio: GET /api/sdk/portfolio
  • Positions: GET /api/sdk/positions

Running the Skill

# Dry run (default -- shows opportunities, no trades)
python mert_sniper.py

# Execute real trades
python mert_sniper.py --live

# Filter to specific markets
python mert_sniper.py --filter solana

# Custom expiry window (5 minutes)
python mert_sniper.py --expiry 5

# With smart position sizing (uses portfolio balance)
python mert_sniper.py --live --smart-sizing

# Check positions only
python mert_sniper.py --positions

# View config
python mert_sniper.py --config

# Disable safeguards (not recommended)
python mert_sniper.py --no-safeguards

How It Works

Each cycle the script:

  1. Fetches active markets from Simmer API (optionally filtered by tag/keyword)
  2. Filters to markets resolving within the expiry window (default 2 minutes)
  3. Checks the price split -- only trades when one side >= min_split (default 60%)
  4. Determines direction: backs the favored side (higher probability)
  5. Safeguards: Checks context for flip-flop warnings, slippage, market status
  6. Execution: Places trade on the favored side, capped at max bet
  7. Reports summary of scanned, filtered, and traded markets

Example Output

🎯 Mert Sniper - Near-Expiry Conviction Trading
==================================================

  [DRY RUN] No trades will be executed. Use --live to enable trading.

  Configuration:
  Filter:        solana
  Max bet:       $10.00
  Expiry window: 2 minutes
  Min split:     60/40
  Max trades:    5
  Smart sizing:  Disabled
  Safeguards:    Enabled

  Fetching markets (filter: solana)...
  Found 12 active markets

  Markets expiring within 2 minutes: 2

  SOL highest price on Feb 10?
     Resolves in: 1m 34s
     Split: YES 72% / NO 28%
     Side: YES (72% >= 60%)
     [DRY RUN] Would buy $10.00 on YES

  Summary:
  Markets scanned: 12
  Near expiry:     2
  Strong split:    1
  Trades executed: 0

  [DRY RUN MODE - no real trades executed]

Troubleshooting

"No markets found"

  • Check your filter -- try without a filter first
  • Markets may not be available (check simmer.markets)

"No markets expiring within window"

  • Increase expiry window: --expiry 10 (10 minutes)
  • Or run more frequently (cron every minute)

"Split too narrow"

  • Lower the min split: --set min_split=0.55
  • This trades more often but with less conviction

"Resolves in: 17h" on 15-min markets

  • Polymarket's endDate is the event-level end-of-day, not the individual market close time
  • For 15-min crypto markets (e.g. "BTC Up or Down - Feb 8, 11PM ET"), the actual close time is in the question text but not in the API
  • This is a Polymarket data limitation — widen the expiry window (--expiry 1080) as a workaround, or use the split filter to find conviction opportunities regardless of timing

"External wallet requires a pre-signed order"

  • WALLET_PRIVATE_KEY is not set in the environment
  • The SDK signs orders automatically when this env var is present — no manual signing code needed
  • Fix: export WALLET_PRIVATE_KEY=0x<your-polymarket-wallet-private-key>
  • Do NOT attempt to sign orders manually or modify the skill code — the SDK handles it

"Balance shows $0 but I have USDC on Polygon"

  • Polymarket uses USDC.e (bridged USDC, contract 0x2791Bca1f2de4661ED88A30C99A7a9449Aa84174) — not native USDC
  • If you bridged USDC to Polygon recently, you likely received native USDC
  • Swap native USDC to USDC.e, then retry

"API key invalid"

  • Get new key from simmer.markets/dashboard -> SDK tab

Comments

Loading comments...