Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Btc Sprint Stack
v0.4.2 · Trade BTC 5m/15m Polymarket fast markets on Simmer with dry-run-first execution, fee-aware filtering, bankroll limits, flat signal_data, journaling, heartbea...
by Captain (@captainslab)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
Confidence: medium

Purpose & Capability
The code implements a BTC-only Simmer trading bot (signals, regime filtering, execution, journaling, LLM decision layer) which matches the skill name and description. The package's internal clawhub.json declares pip deps (simmer-sdk, eth-account, google-auth, requests) and env vars (SIMMER_API_KEY, LLM_API_KEY), which are reasonable for a trading+LLM integration. However the registry metadata/skill summary shown earlier reported no required env vars or credentials — an inconsistency between declared registry metadata and the packaged manifest.
Instruction Scope
SKILL.md and main.py expect to call external services (Simmer API, Binance public API, LLM providers) and to read/write local data files (data/*.jsonl). The runtime will insist SIMMER_API_KEY is present (main.py will exit otherwise). The LLM layer supports multiple provider flows and may read host auth files or environment tokens (see below). The SKILL.md does not enumerate all env vars and local credential paths the code will use, granting the skill broader scope than documented.
Install Mechanism
There is no explicit install spec in the top-level manifest delivered to the platform, but clawhub.json lists pip dependencies (simmer-sdk, eth-account, google-auth, requests). Those packages are plausible for the bot. The lack of a single explicit install section in SKILL.md/manifest is an inconsistency to be aware of (platform may attempt to install pip deps based on clawhub.json).
Credentials
The code requires SIMMER_API_KEY and some LLM credentials (clawhub.json lists LLM_API_KEY). In addition the LLM provider implementation will accept/attempt multiple credential sources: CODEX_OAUTH_TOKEN or ~/.codex/auth.json (reads user's home), Google Application Default Credentials via google-auth (which reads host ADC files), and optional WALLET_PRIVATE_KEY (the code documents wallet linkage/USDC.e approval when present). Those additional credential paths are not prominently documented in SKILL.md but allow access to host-stored secrets or private keys — this is disproportionate unless you intentionally enable those providers/keys.
Persistence & Privilege
The skill is not force-enabled (always:false) and does not request system-wide configuration changes. It will create and update local files under its data/ directory (journal.jsonl, llm_decisions.jsonl, live_params.json, pending_rules.json). The potential to read ~/.codex/auth.json and to perform wallet linkage when WALLET_PRIVATE_KEY is set is notable but the skill does not modify other skills or global agent settings.
What to consider before installing
What to check before installing/running:

1) Expect to provide a SIMMER_API_KEY and some LLM credentials (or select an LLM provider). The package's internal manifest (clawhub.json) requires these even though the top-level registry metadata omitted them — treat that as a red flag.
2) The code will make network calls (Simmer, Binance, LLM providers, Discord if you enable webhooks) and will read/write files in the skill directory (data/*.jsonl).
3) The LLM layer may read additional credential locations: ~/.codex/auth.json or CODEX_OAUTH_TOKEN, and/or use Google ADC (google-auth) which can access host Google credentials; the skill also documents performing wallet linkage if WALLET_PRIVATE_KEY is set. Do not set WALLET_PRIVATE_KEY or point the skill at your primary cloud or codex credentials unless you understand the consequences.
4) Run only in dry-run mode first and in an isolated environment (dedicated test API keys, limited permissions, or a disposable VM/container).
5) If you plan to use live trading: create least-privilege API keys for Simmer, avoid using personal Google or Codex host credentials, and review data files and logs regularly.
6) The mismatch between declared required env vars in the registry vs. clawhub.json suggests the package metadata may be incomplete or out of date — ask the author to clarify required env vars and credential flows before enabling live operation.
