Skill v1.0.10

ClawScan security

Polymarket FastLoop Trader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 16, 2026, 1:34 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to be a genuine Polymarket/Simmer trading template, but there are internal inconsistencies (metadata vs. files), undeclared environment access, and operational instructions (cron/live mode) that could lead to unintended live trading — review before installing or scheduling.
Guidance
This is a trading template that will place real trades if you run it with --live and provide a wallet key and TRADING_VENUE=polymarket. Before installing or scheduling: 1) Confirm the real required env vars (SIMMER_API_KEY, TRADING_VENUE) — the registry metadata is stale/inconsistent. 2) Keep any WALLET_PRIVATE_KEY in a secure vault, not plain environment files if possible, and only enable live mode after manual testing. 3) Audit the code (network calls to Polymarket, Binance/other feeds, and any replacement signal hooks) to ensure no unexpected endpoints are used. 4) Run extensively in paper mode (simmer venue) and verify daily_budget/max_position limits are enforced. 5) Remove or review any cron/automaton entries before enabling automated live runs. If you want higher confidence, ask the publisher for an explicit install manifest and a provenance/maintainer contact, or run the skill in an isolated environment first.

Review Dimensions

Purpose & Capability
concern
The skill's stated purpose (automated Polymarket/Simmer trading) reasonably requires a Simmer API key, an execution venue, and optionally a wallet private key, and both SKILL.md and clawhub.json declare SIMMER_API_KEY and TRADING_VENUE. However, the top-level registry metadata reported 'Required env vars: none', which is inconsistent with the files. The requested credentials (SIMMER_API_KEY, TRADING_VENUE, optional WALLET_PRIVATE_KEY) are proportional to trading functionality, but the metadata mismatch is confusing and worth flagging.
Instruction Scope
concern
Runtime instructions and the Python code perform network calls (Simmer SDK, Polymarket CLOB API, likely CEX feeds such as Binance), write local cache and ledger files (fast_markets_cache.json, fastloop_ledger.json, daily_spend.json), and explicitly recommend scheduling cron jobs to run live trades. Writing local caches/ledgers is expected, but the SKILL.md encourages unattended live trading (cron + --live), which increases operational risk. The skill also references optional external signals (NOFX institutional flow) and allows replacing signal sources; these imply additional network usage not tightly constrained by the description.
Install Mechanism
note
There is no install spec included in the registry metadata, but clawhub.json lists a pip dependency 'simmer-sdk' (and the SKILL.md and code assume pip install simmer-sdk). This is not high-risk (standard pip package), but the lack of an explicit install section in the top-level metadata is an inconsistency to be aware of.
Credentials
note
The environment variables the skill needs (SIMMER_API_KEY, TRADING_VENUE, optional WALLET_PRIVATE_KEY) are expected for a trading agent. However, the code also reads other environment values (e.g., AUTOMATON_MAX_BET) that are not declared in the SKILL.md/clawhub.json as required or optional. Requiring a wallet private key as an env var is normal for live trading but is sensitive: the skill instructs signing locally, but storing private keys in environment variables still carries risk and should be minimized or done via a secure vault.
Persistence & Privilege
note
The skill is not 'always: true' and does not request elevated system-wide privileges. It is automaton-managed in clawhub.json (entrypoint set and cron suggested), which means it is designed to run on a schedule and can execute trades autonomously if configured. That behavior is expected for a trading skill but magnifies the impact of any bugs or misconfiguration (e.g., accidental live mode).