Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Simmer

v1.20.3

The best prediction market interface for AI agents. Trade on Polymarket and Kalshi, all through one API, with self-custody wallets, safety rails, and smart c...

21· 8k·30 current·32 all-time
by AD88 (@adlai88)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

Capability signals
Crypto: Requires wallet
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill claims to act as a prediction-market interface (Polymarket, Kalshi) and the SKILL.md describes expected behaviors (registering an agent, API key, managed vs external wallets, signing transactions). Those capabilities reasonably require an API key and, for external wallets, a private key. So the required capabilities align with the stated purpose — however, the metadata declares no env vars/credentials while the runtime instructions clearly require them, which is inconsistent.
Instruction Scope
The SKILL.md instructs agents/users to: register to obtain an api_key and export it (SIMMER_API_KEY), and optionally set WALLET_PRIVATE_KEY in the environment to enable local signing. It also describes server-side signing with the API key (managed wallet) and an auto-redeem flow that returns unsigned_tx to be signed and broadcast. Those instructions involve handling and transmitting sensitive secrets and transactions and give the remote API the ability to redeem/trade when using the managed wallet. The instructions therefore extend beyond simple read-only queries into credential management and signing flows; combined with the lack of declared env vars this is a scope/visibility problem.
Install Mechanism
This is instruction-only (no install spec, no code files). That is lower risk from an install mechanism perspective because nothing is written to disk by an installer. The SKILL.md references an SDK and pip package (eth-account) for local signing, but does not attempt to install anything automatically — acceptable for a documentation-only skill.
Credentials
The runtime instructions require sensitive values (SIMMER_API_KEY and WALLET_PRIVATE_KEY) and recommend exporting them into environment variables, but the skill metadata declares no required environment variables or primary credential. That mismatch reduces transparency: a user cannot see what secrets the skill will ask for without reading the large SKILL.md. Requesting a private key (WALLET_PRIVATE_KEY) is proportionate to the external-wallet signing use case, but needs explicit declaration and stronger guidance (avoid storing long-lived private keys in plain env vars, prefer hardware signing). The managed-wallet option (server-side signing with API key) implies the API key grants the service power to trade/redeem on the user's behalf — this must be clearly understood by users.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable. There is no install step that modifies other skills or global agent configuration. That level of persistence and privilege is appropriate for an instruction-only trading interface.
What to consider before installing
This skill contains actionable instructions to register an agent, store an API key, and optionally place a raw private key in an environment variable for local signing — but the skill metadata does not declare those env vars. Before installing or using it, consider:
- Read the full SKILL.md and the referenced docs (https://docs.simmer.markets) to confirm exact flows and scopes. The registry metadata alone is incomplete.
- Treat any SIMMER_API_KEY as sensitive: understand what the key can do (can the server sign/trade/redeem on your behalf?), what its lifetime and scopes are, and whether there is a way to limit or revoke it. Test with a throwaway agent and tiny amounts first.
- Avoid storing private keys in plaintext env vars on shared or cloud hosts. Prefer external/hardware signing if possible; if you must use WALLET_PRIVATE_KEY, use ephemeral keys, ephemeral environments, or a secure secrets manager, and rotate keys frequently.
- If you plan to use the managed-wallet option, understand that the server will perform signatures/trades for you — that is effectively granting custody rights to the service. Only enable it if you trust the operator and have verified their security policy.
- Verify the domain ownership and project legitimacy (simmer.markets, docs.simmer.markets). Confirm integration details with Polymarket/Kalshi addresses and token contracts in their docs before depositing real assets.
- Ask the publisher to update registry metadata to list required environment variables (SIMMER_API_KEY, WALLET_PRIVATE_KEY) and clarify what actions those credentials permit; absence of declared env vars is an information/consent gap.

Because of that information gap and the sensitive nature of keys, treat this skill as suspicious until the author/metadata explicitly declares required credentials and the operational security implications are clear.


Tags: kalshi, latest, polymarket, prediction-markets, trading
