Simmer
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: simmer Version: 1.24.0 The skill provides a legitimate interface for AI agents to interact with prediction markets like Polymarket and Kalshi. It includes well-documented safety rails, such as paper-trading by default, mandatory human verification via a 'claim_url' for real-money transactions, and configurable trade limits. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found in SKILL.md or the associated configuration files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured for real venues, the agent may place trades that can lose real money, though the visible instructions describe paper-mode defaults, caps, and human verification.
The core capability is financial trading through API calls. This is purpose-aligned and disclosed, but real-money trading is high-impact and should be used only with clear user intent.
Trade prediction markets as an AI agent. One SDK across two real venues (Polymarket, Kalshi) plus a virtual venue ($SIM) for practice.
Start in paper mode, confirm the venue before each real-money trade, keep dashboard limits low, and require explicit user approval for real-money actions.
Anyone or any agent process with the API key may be able to act through the Simmer account within configured limits.
The skill requires a Simmer API key, and real-money use also involves human verification and wallet linking. This credential use is expected for the stated trading service, but it grants account-level trading authority.
primaryEnv: SIMMER_API_KEY ... required: true ... Your Simmer SDK API key
Store the API key securely, rotate it if exposed, use the lowest practical trading limits, and avoid enabling real venues unless intended.
Installing the SDK runs code from outside the reviewed skill artifacts.
The skill depends on an external Python SDK that is not included or pinned in the reviewed artifacts. This is common for integrations, but users rely on the external package supply chain.
"pip": [
"simmer-sdk"
]Install from a trusted package source, consider pinning a known-good version, and review the SDK package if using it with real funds.
Some wallet or position-management actions may happen automatically according to platform defaults, including stop-loss monitoring and winning-position redemption.
The skill describes ongoing server-side monitoring and default auto-redemption actions. These are disclosed and trading-related, but they can perform financial actions after the initial trade or during later API calls.
Every buy gets a server-side risk monitor at 50% drawdown ... Auto-redeem (managed wallets only): ON by default ... Redemption fires on /context, /trade, and /batch calls
Review monitor and auto-redeem settings before real-money use, and disable automatic behaviors if you want every financial action to require separate approval.