Polymarket Energy Transition Trader
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If live mode is enabled, the bot may trade lower-volume or near-resolution markets than the documentation leads a user to expect, increasing financial risk.
The runtime/config defaults are less protective than the documented tunables. For a live trading skill, this makes the real trading scope and safeguards less clear than the user-facing documentation suggests.
SKILL.md: `SIMMER_MIN_VOLUME` | `5000` and `SIMMER_MIN_DAYS` | `7`; trader.py: SIMMER_MIN_VOLUME default '1000' and SIMMER_MIN_DAYS default '0'; clawhub.json: defaults 1000 and 0.
Align SKILL.md, trader.py, and clawhub.json defaults; use conservative minimum volume and days-to-resolution settings before any live run.
A live run can spend USDC and create financial exposure.
The skill can perform real-money trades when explicitly run in live mode. This is disclosed and purpose-aligned, but it is high-impact authority.
`python trader.py --live` | Live (polymarket) | Real USDC
Use paper mode first; only run with --live when you explicitly intend real trading and have set position limits you accept.
Anyone or any process with this key may be able to place trades through the service.
The required credential grants trading authority for the integrated service. That fits the stated purpose, but it is sensitive and higher impact than ordinary API access.
`SIMMER_API_KEY` | Yes | Trading authority. Treat as high-value credential.
Use a revocable, least-privilege key if available; keep it out of logs and shared environments, and rotate it if the skill or host is no longer trusted.
A future or unexpected SDK version could change behavior, including trading behavior.
The skill depends on a third-party SDK without a version pin in the supplied manifest. The dependency is central to the purpose, but the exact installed code/version is not fixed by the artifact.
"pip": ["simmer-sdk"]
Pin and review the SDK version used in any production or live-trading deployment.