Simmer Skill Builder
PassAudited by ClawScan on May 10, 2026.
Overview
This skill openly builds Simmer trading-bot skills that may use account credentials and can make real trades when run live, so generated code should be reviewed before use.
Install only if you intend to create Simmer trading skills. Review every generated file before installation, keep generated bots in dry-run mode until tested, use conservative trade limits, and protect SIMMER_API_KEY or any wallet/private-key credentials.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or low-quality tweet or web page could influence the generated bot’s trading logic if the output is not reviewed.
The builder intentionally uses user-provided social/web content and external docs to shape generated trading code. This is purpose-aligned, but untrusted text could include misleading strategy logic or prompt-like instructions.
They might: ... Paste a tweet or thread about a strategy ... Ask your human to provide the relevant API docs, or web-fetch them if you have access.
Treat external strategy text and fetched docs as data, not authority. Inspect generated SKILL.md, clawhub.json, and Python code before installing or running it.
If a generated skill is run with live trading enabled, it can spend real funds or sell positions according to its strategy logic.
The generated scripts are designed to support live trading, but the template makes dry-run the default and requires an explicit --live flag for real trades.
Usage:
python <script>.py # Dry run
python <script>.py --live # Real tradesRun generated skills in dry-run/paper mode first, set conservative position sizes and max trades, and only use --live after reviewing the code and strategy.
Anyone or any generated code with the API key may be able to access Simmer account data and, depending on configuration, perform trading actions.
The skill ecosystem expects a Simmer API key for account access. This is consistent with trading/account-status functionality, but it is a sensitive credential.
"requires": { "env": [ "SIMMER_API_KEY" ], "pip": [ "simmer-sdk" ] }Use a dedicated API key if possible, keep it out of generated files, avoid sharing logs, and revoke or rotate it if a generated skill behaves unexpectedly.
Future dependency changes could affect generated skills’ behavior or compatibility.
The required Python dependency is disclosed and central to the purpose, but it is not version-pinned in the artifact.
"pip": [ "simmer-sdk" ]
For production trading, consider pinning tested dependency versions and reviewing dependency updates before running live.
Persistent or remotely tuned settings could change how a bot trades across runs, including in live mode.
Generated skills can use persistent local config and automaton-provided tuning to influence thresholds, sizing, and other behavior.
Config priority: `config.json > automaton tuning > env vars > defaults`. When `slug` is provided, `load_config` automatically fetches tuned config from the Simmer Automaton
Review config.json, automaton tuning, and declared tunables before enabling automation or live trading.