ClawHub

Polymarket Micro Session Edge Trader

v1.0.4

Trades session-transition mean-reversion in 5-minute crypto "Up or Down" markets on Polymarket, fading directional bursts that occur during US, Asia, and Eur...

0· 76·0 current·0 all-time
by@diagnostikon
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, clawhub.json and trader.py all describe a Polymarket micro-session fade trader. The only required credential (SIMMER_API_KEY) and the declared dependency (simmer-sdk) match the stated trading purpose. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md instructs paper trading by default, explicit --live needed for real trades, and describes the data the bot parses (market questions, 5-min intervals). The instructions do not ask the agent to read unrelated files or exfiltrate data. The code reads environment vars only for tunables and API key as declared.
Install Mechanism
No custom download/install URLs are used. The manifest declares a pip dependency on simmer-sdk (PyPI/GitHub link provided), which is a standard package installation route. This is expected for a trading SDK, but as with any third-party package, it is a supply-chain risk to review.
Credentials
Only SIMMER_API_KEY is required (plus optional tunable env vars). That is proportional for a trading skill. The SKILL.md warns SIMMER_API_KEY is high-value. No extra tokens/keys or config paths are requested.
Persistence & Privilege
autostart is false and cron is null, so the skill will not run automatically by default. always is false. The skill is automaton-managed with entrypoint trader.py (normal for a runnable skill). It doesn't request elevated system privileges or modify other skills' configuration.
Assessment
This skill appears coherent and matches its stated purpose, but take these precautions before enabling it with live funds: 1) Keep the default paper mode and test extensively. 2) Treat SIMMER_API_KEY as a high-value credential: use a key with minimal permissions and rotate it if possible. 3) Audit or review the simmer-sdk package source (and its transitive dependencies) before installing to reduce supply-chain risk. 4) Note the bot assumes a fixed ET offset (ET_OFFSET = -4), which may mis-handle DST transitions—verify timing logic in your testing. 5) Ensure autostart remains disabled and only launch with --live after you’re confident in behavior and safeguards.

Like a lobster shell, security has layers — review code before you run it.

latestvk976skfw0hbj29n1vttc3k9321848hv8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments