Skill v0.0.3

ClawScan security

Polymarket Macro Crypto Geopolitics Trader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 28, 2026, 2:33 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions are coherent for an automated Polymarket trading agent (it correctly requires a Simmer API key and defaults to paper trading), but there are metadata/inventory inconsistencies (registry metadata omits the required credential and the skill declares a pip dependency while the top-level install spec said 'none'), so the package metadata may be unreliable and requires careful review before granting any credentials or running live.
Guidance
This package appears to implement the described Polymarket trading strategy and only needs one credential (SIMMER_API_KEY) to place trades, and it defaults to paper trading — that is coherent. However: (1) the registry metadata you were shown is inconsistent with the shipped files: the skill actually requires SIMMER_API_KEY and lists a pip dependency ('simmer-sdk'), but the top-level summary claimed no env vars and no install. Treat that mismatch as a red flag: confirm which metadata source your platform will use at install/run time. (2) Only provide SIMMER_API_KEY if you trust the Simmer service and the author; prefer giving a key with limited permissions and low funds. (3) Keep default usage in paper mode (no --live) until you audit the simmer-sdk package and read trader.py fully (verify there are no hidden endpoints or token exfiltration). (4) Verify what apply_skill_config() does in your environment, since the code re-reads environment variables after calling it (the Simmer runtime could inject configuration). (5) If you plan to run live, rotate keys afterwards and limit trade size via the tunables. If you want higher assurance, ask the author to reconcile the registry metadata with the shipped files or run the code in an isolated environment and review the simmer-sdk package source before providing credentials.

Review Dimensions

Purpose & Capability
note: The skill name, SKILL.md, clawhub.json, and trader.py all describe a Polymarket trading strategy and that behavior aligns with the declared pip dependency (simmer-sdk) and the single credential SIMMER_API_KEY used to authenticate trades. However, the registry summary provided at the top of the report (Requirements: 'Required env vars: none', 'Primary credential: none', 'Install specifications: No install spec — instruction-only skill') contradicts the actual files (SKILL.md and clawhub.json both require SIMMER_API_KEY and clawhub.json lists 'simmer-sdk' as a pip requirement). That metadata mismatch is suspicious because it could mislead automated gating systems or users about the credential and install requirements.
Instruction Scope
ok: SKILL.md instructs the agent to discover markets, compute geo_heat and crypto_optimism, detect divergence, and trade on Polymarket; trader.py implements those steps and defaults to paper trading unless run with an explicit --live flag. The instructions do not ask the agent to read unrelated files or push data to unexpected external endpoints beyond the Simmer SDK/venue. All runtime actions described are within the stated trading purpose.
Install Mechanism
note: There is no external arbitrary download; the package declares a pip dependency on 'simmer-sdk' in clawhub.json, which is a standard package-install mechanism. However, the top-level summary said 'No install spec — instruction-only skill' while clawhub.json contains a pip requirement; this inconsistency should be resolved. Relying on a pip package is normal, but you should verify the simmer-sdk package's provenance before installing.
Credentials
concern: Functionally the skill only requires one credential, SIMMER_API_KEY, which is appropriate for placing trades via the Simmer client. The concern is that the registry metadata omitted this required credential, so a user might not realize they're granting a high-value trading API key. The code also re-reads environment variables after calling _client.apply_skill_config(), which means runtime configuration may be updated by the Simmer runtime — you should understand what apply_skill_config does in your environment.
Persistence & Privilege
ok: The skill does not request always:true, autostart is false, and the automaton/entrypoint is declared but will not run live automatically. disable-model-invocation is false (normal). The skill does not appear to modify other skills' configuration; its persistence and privilege requests are proportional to its function.