Skill v0.0.3
ClawScan security
Polymarket Bundle Crypto Hourly Trader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 28, 2026, 2:28 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, docs, and runtime dependency (simmer-sdk + SIMMER_API_KEY) are coherent with an automated Polymarket trading tool, but there are metadata inconsistencies and a few operational risks you should confirm before installing.
- Guidance: Key points to check before installing:
  1. The skill requires SIMMER_API_KEY (trading authority) despite the registry summary claiming none — verify you are willing to give that API key.
  2. Review the simmer-sdk package (PyPI and GitHub) to confirm the client does what you expect and has no unexpected network endpoints.
  3. Test entirely in paper mode (default) and confirm autostart is disabled locally; only enable --live when you trust the code and the API key scope.
  4. Ensure the SIMMER_API_KEY has least privilege (limit withdrawal/transfer rights if possible) and rotate it if you later revoke trust.
  5. The owner and homepage are missing/unknown — prefer skills from known publishers or inspect the full code; if you cannot audit simmer-sdk or the Simmer service, treat real trading as high risk.
  If you want higher confidence, ask the publisher for a signed homepage/repo link and a changelog, or run the skill in an isolated environment and inspect network traffic while in paper mode.
Review Dimensions
- Purpose & Capability (note): The skill's declared dependency (simmer-sdk) and the code (trader.py) match the stated purpose of trading Polymarket Up/Down markets. However, the registry summary at the top (requirements: none) contradicts the included clawhub.json and SKILL.md, which require SIMMER_API_KEY and list simmer-sdk as a pip dependency. That metadata mismatch is a coherence problem (likely a packaging/documentation error) but not necessarily malicious.
- Instruction Scope (ok): SKILL.md and trader.py describe market discovery, bundle construction, and trade execution, and confine network activity to the Simmer client (and optionally external exchange APIs as a remix idea). The instructions emphasize paper mode by default and require an explicit --live flag for real trades. The runtime instructions do not tell the agent to read unrelated files or exfiltrate data.
- Install Mechanism (ok): There is no arbitrary URL download. The manifest requests a PyPI package (simmer-sdk), which is a standard, traceable install mechanism. No extract-from-URL or unknown-host installs are present.
- Credentials (note): The only required secret in the files is SIMMER_API_KEY (used to authenticate to the Simmer client), which is proportionate to a trading skill. The code also reads a set of SIMMER_* tunables from the environment (reasonable). Note: the top-level 'Requirements' summary incorrectly lists no required env vars while clawhub.json and SKILL.md require SIMMER_API_KEY — this inconsistency should be resolved before trusting the skill.
- Persistence & Privilege (ok): The skill does not request always:true, and autostart is false. The clawhub.json declares an automaton entrypoint, but autostart:false means it won't run automatically. disable-model-invocation is false (normal). The skill does not attempt to modify other skills or global agent settings.
