Polymarket Candle Timeframe Mismatch Trader
v1.0.1Multi-timeframe analysis for crypto Up or Down markets on Polymarket. Detects when 5-minute candle consensus diverges from the hourly market and trades conve...
⭐ 0· 63·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The skill is a Polymarket trading strategy and the code (trader.py) implements market discovery, consensus detection, sizing, and order submission via simmer_sdk. This matches the stated purpose. One inconsistency: the registry metadata at the top of the report claimed "Required env vars: none / Primary credential: none," but the included clawhub.json and SKILL.md explicitly require SIMMER_API_KEY (and clawhub.json lists a pip dependency simmer-sdk). That mismatch in the registry summary is an administrative inconsistency but does not indicate malicious intent.
Instruction Scope
SKILL.md and trader.py limit actions to Polymarket/Simmer operations (market discovery, parsing, signal computation, and trading). The skill defaults to paper trading (venue=sim) and will only use live trading with an explicit --live flag. The instructions do not request unrelated system files or credentials.
Install Mechanism
There is no explicit installer script in the package, but clawhub.json declares a pip dependency on 'simmer-sdk'. Installing a third-party Python package is normal for this functionality but carries the usual supply-chain risk — the runtime will import and call SimmerClient from that package.
Credentials
Only one required secret is declared: SIMMER_API_KEY, which is proportional to a trading skill that needs to authenticate to a trading service. The code also reads several SIMMER_* tunables (MAX_POSITION, etc.), which are declared in clawhub.json as adjustable parameters. No unrelated credentials or file paths are requested.
Persistence & Privilege
The skill is not always-enabled (always: false) and autostart is false, so it will not run automatically on install. The package declares an automaton entrypoint (trader.py) but does not force execution. The code attempts to call _client.apply_skill_config(SKILL_SLUG) if available, which is a reasonable attempt to load config from the Simmer runtime and is wrapped to fail safely outside that environment.
Assessment
This skill appears to do what it says: a Polymarket trading strategy that uses the Simmer platform. Before installing or running it: 1) Treat SIMMER_API_KEY as a high-value secret — only provide an API key with the permissions you intend (use a test/key with limited funds if possible). 2) Run in paper mode first (no --live) to verify behaviour. 3) Be aware that pip installing 'simmer-sdk' will run third-party code — verify the package source and review its docs. 4) Note the registry metadata summary in the package listing was inconsistent (it claimed no required env), but the code and clawhub.json do require SIMMER_API_KEY; prefer the files over the summary. 5) If you plan to enable automated runs, audit scheduling/hosting environment and API key scopes to limit potential financial exposure.Like a lobster shell, security has layers — review code before you run it.
latestvk97aj26kyjg22e9cxzmwy5eth5846e59
License
MIT-0
Free to use, modify, and redistribute. No attribution required.