Prediction Trade Journal

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: prediction-trade-journal
Version: 1.1.13

The prediction-trade-journal skill is a legitimate tool for tracking and analyzing trades from the Simmer platform. It fetches trade data from the official API (api.simmer.markets) using a user-provided API key and stores it locally in JSON format for reporting and analysis. The code in tradejournal.py and scripts/status.py is transparent, lacks obfuscation, and does not exhibit any signs of data exfiltration to unauthorized endpoints or malicious execution patterns.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A Simmer API key may allow access to private trading/account data, and possibly more if the key is not read-only.

Why it was flagged

The skill sends a bearer API key when calling the Simmer API. This is disclosed and purpose-aligned for syncing trade history, but trading-account credentials can be high-value if over-scoped.

Skill content

SIMMER_API_KEY = os.environ.get("SIMMER_API_KEY", "") ... "Authorization": f"Bearer {SIMMER_API_KEY}"

Recommendation

Use a read-only or least-privilege Simmer API key if available, keep it revocable, and verify any SIMMER_API_URL override before use.

What this means

Local files may contain trading history, P&L, strategy notes, and confidence judgments that should not be shared casually.

Why it was flagged

The journal persists trading history and allows enrichment with thesis, confidence, and source context. This is central to the skill, but the stored data can be sensitive and may influence future reports.

Skill content

Trades are stored locally in `data/trades.json` ... Other skills can enrich trades with context

Recommendation

Keep the skill data directory private, review exports before sharing them, and treat context added by other skills as user-reviewable input.

What this means

Installing an unpinned package can change behavior over time if the package is updated or if the wrong package source is used.

Why it was flagged

The setup asks users to install an external package without pinning a version. This appears related to the Simmer integration, but version/provenance is not tightly bounded.

Skill content

pip install simmer-sdk

Recommendation

Install from a trusted package index, consider pinning an expected simmer-sdk version, and verify the package publisher before installation.