Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Polymarket Signal Sniper
v1.4.5 · Snipe Polymarket opportunities from your own signal sources. Monitors RSS feeds with Trading Agent-grade safeguards.
⭐ 0 · 1.4k · 10 current · 10 all-time
by AD88 (@adlai88)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name/description (Polymarket sniping from user signal sources) align with the code and SKILL.md: it polls RSS feeds, matches keywords, calls a Simmer SDK for safeguards and trade execution. However, the top-level registry metadata in the evaluation header said no required env vars, while clawhub.json and the code require SIMMER_API_KEY; additionally SKILL.md instructs the user to provide WALLET_PRIVATE_KEY but the manifest (clawhub.json) does not declare that env var. That inconsistency between declared requirements and runtime instructions is unexpected.
Instruction Scope
Runtime instructions ask the user to install simmer-sdk and to supply an API key and (for live trading) a wallet private key stored in the environment. Asking for a wallet private key is expected for live automated order signing, but SKILL.md also suggests switching data sources arbitrarily (APIs, scrapers, social media) which expands the data-collection surface. The code does perform network fetches (RSS and Simmer API) and reads/writes a local state file; it contains URL validation and optional secure XML parsing, which are good, but the instructions' request to put a private key in an environment variable is sensitive and not fully documented in the manifest—this is a scope/privilege mismatch to flag.
Install Mechanism
No exotic install mechanism. The skill relies on pip-installing 'simmer-sdk' (declared in clawhub.json and SKILL.md). There are no downloads from arbitrary URLs or unpack/extract steps in the provided files.
Credentials
SIMMER_API_KEY is required and appropriate for a client that talks to the Simmer API. However: (1) SKILL.md instructs the user to provide WALLET_PRIVATE_KEY for live trading (sensitive), but clawhub.json does not declare that env variable; (2) the evaluation header initially listed no required env vars, which is inconsistent with clawhub.json and code. Requesting a private key is proportionate only if the skill truly needs to sign orders client-side; the manifest should declare this explicitly and the documentation should describe secure handling options (hardware wallet, ephemeral signing, or delegated signing).
Persistence & Privilege
The skill is not always-enabled and does not request unusual platform privileges. It writes/reads its own state file (processed.json) under its skill directory and uses automaton-managed entrypoint behavior (clawhub.json notes automaton managed true, autostart false). It does not appear to modify other skills or global agent settings.
What to consider before installing
This skill appears to do what it says (poll RSS, match keywords, call the Simmer SDK to evaluate safeguards and place trades), but there are a few red flags you should understand before installing:
- Do not paste your wallet private key into tools you haven't audited. The SKILL.md tells you to store WALLET_PRIVATE_KEY in an environment variable for live trading; that is sensitive and the manifest does not declare it. Ask the author why the manifest omits this and consider alternatives (use paper trading, use an API that supports delegated signing, or use a wallet that supports ephemeral signatures/hardware signing).
- Verify the simmer-sdk package and Simmer API: review the simmer-sdk source (pip package owner, GitHub repo) to ensure it handles keys securely and does not exfiltrate secrets. Because the skill will make network requests and can be run autonomously (automaton-managed entrypoint), a malicious SDK could place trades or leak keys.
- Favor running first in dry-run / scan-only mode and with minimal funds. Use --scan-only or --dry-run to verify signal matching and safeguards before enabling --live.
- Inspect where state/config files are stored and run the skill in an isolated environment (container or VM) if you plan to provide a real private key. Rotate keys after testing.
- Ask the publisher for provenance: the package has no homepage and source is unknown; consider only using code from known maintainers or after a code review. If you are not able to verify the simmer-sdk and the WALLET_PRIVATE_KEY handling, treat this skill as high risk.
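The manifest-versus-instructions mismatch the scan flags (SKILL.md and the code use WALLET_PRIVATE_KEY, clawhub.json declares only SIMMER_API_KEY) is something you can check yourself before installing. The script below is an added example, not part of the ClawHub scan or of the skill's own code. It reads the bundle's clawhub.json, collects the environment variables the Python sources actually read (os.environ[...], os.environ.get(...), os.getenv(...)), adds the ALL_CAPS variable names SKILL.md mentions, reports anything the manifest does not declare, calls out private-key-like names, and lists every hard-coded URL the code can reach. It assumes clawhub.json declares required variables in a top-level "env" list (the real manifest schema is not shown on this page), the function names are mine, and the sample bundle is constructed to mirror the scan's finding with placeholder hostnames.

```python
"""Pre-install audit of an OpenClaw/ClawHub skill bundle (added example).

Assumption: clawhub.json declares required environment variables in a
top-level "env" list. The sample bundle below is constructed to mirror
the manifest/SKILL.md mismatch described in the scan; hostnames are
placeholders, not real endpoints.
"""
import ast
import json
import re
from pathlib import Path

# ALL_CAPS names with at least one underscore (SIMMER_API_KEY, WALLET_PRIVATE_KEY);
# a heuristic for prose/markdown, where there is no syntax to hook on.
ENV_NAME_IN_TEXT = re.compile(r"\b([A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+)\b")
URL_RE = re.compile(r"https?://[^\s'\"<>)]+")
SENSITIVE_MARKERS = ("PRIVATE_KEY", "SECRET", "MNEMONIC", "SEED")


def _is_os_environ(node) -> bool:
    """True for the expression `os.environ`."""
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os")


def _str_const(node):
    return node.value if isinstance(node, ast.Constant) and isinstance(node.value, str) else None


def env_vars_in_python(source: str) -> set:
    """Names read via os.environ[...], os.environ.get(...) or os.getenv(...)."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Subscript) and _is_os_environ(node.value):
            key = _str_const(node.slice)                                 # os.environ["NAME"]
        elif isinstance(node, ast.Call) and node.args and isinstance(node.func, ast.Attribute):
            f = node.func
            via_get = f.attr == "get" and _is_os_environ(f.value)        # os.environ.get("NAME")
            via_getenv = (f.attr == "getenv" and isinstance(f.value, ast.Name)
                          and f.value.id == "os")                        # os.getenv("NAME")
            key = _str_const(node.args[0]) if (via_get or via_getenv) else None
        else:
            key = None
        if key:
            found.add(key)
    return found


def audit(bundle: dict) -> dict:
    """bundle maps relative file name -> text content (in memory, so this runs offline)."""
    manifest = json.loads(bundle["clawhub.json"])
    declared = set(manifest.get("env", []))        # assumed manifest field
    in_code, endpoints = set(), set()
    for name, text in bundle.items():
        if name.endswith(".py"):
            in_code |= env_vars_in_python(text)
            endpoints |= set(URL_RE.findall(text))
    in_docs = set(ENV_NAME_IN_TEXT.findall(bundle.get("SKILL.md", "")))
    undeclared = (in_code | in_docs) - declared
    return {
        "declared": sorted(declared),
        "undeclared": sorted(undeclared),
        "undeclared_sensitive": sorted(v for v in undeclared
                                       if any(m in v for m in SENSITIVE_MARKERS)),
        "endpoints": sorted(endpoints),
    }


def audit_dir(root: Path) -> dict:
    """Load an unpacked bundle from disk and audit it."""
    files = [p for p in root.rglob("*") if p.is_file() and p.suffix in {".py", ".md", ".json"}]
    return audit({str(p.relative_to(root)): p.read_text(encoding="utf-8") for p in files})


# Constructed sample bundle mirroring the scan's finding: SKILL.md and the code
# use WALLET_PRIVATE_KEY, but clawhub.json declares only SIMMER_API_KEY.
SAMPLE_BUNDLE = {
    "clawhub.json": json.dumps({"name": "polymarket-signal-sniper", "env": ["SIMMER_API_KEY"]}),
    "SKILL.md": "Set SIMMER_API_KEY. For --live, also export WALLET_PRIVATE_KEY=0x...\n",
    "signal_sniper.py": (
        "import os\n"
        "API = 'https://api.simmer.example/v1'\n"
        "key = os.environ['SIMMER_API_KEY']\n"
        "pk = os.getenv('WALLET_PRIVATE_KEY')\n"
        "feed = os.environ.get('FEED_URL', 'https://feeds.example/rss.xml')\n"
    ),
}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_BUNDLE), indent=2))
```

Run audit_dir(Path("path/to/unpacked-skill")) against the downloaded bundle; anything under undeclared_sensitive is what to question the author about before supplying a real key, and the endpoints list is what the skill can talk to when it runs unattended. The markdown regex is a heuristic and will also pick up unrelated ALL_CAPS tokens; the AST pass is exact for the three access patterns it covers but misses indirect reads (for example a config loader that takes the variable name as a parameter), so treat an empty result as a reason to read the code, not as a clean bill.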
If you want, I can: (a) search the remaining truncated parts of signal_sniper.py for any direct use of WALLET_PRIVATE_KEY or network endpoints, (b) help draft questions to the author about how keys are used/stored, or (c) propose safer alternatives for signing trades.
Like a lobster shell, security has layers — review code before you run it.
latest: vk975dkgr6akv31mm54wr4rabdx84ysjx
