Skill v0.0.3
ClawScan security
Polymarket Science Milestones Trader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 28, 2026, 2:22 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is broadly what it says (a Polymarket trading bot), but there are inconsistencies and operational risks you should understand before installing. Notably, it requires an API key (SIMMER_API_KEY) that the registry metadata does not declare, and it can place real trades when live mode is enabled.
- Guidance: Before installing:
  1. Confirm the SIMMER_API_KEY requirement. The registry metadata omitted it, but trader.py and clawhub.json both require it. Provide only a key scoped to the minimum permissions needed (ideally a paper-trading-only key) and rotate or remove the key after testing.
  2. Review and vet the simmer-sdk package (pip), since it handles the network calls and trade execution.
  3. Test thoroughly in paper mode (the default) and verify that neither the CLI nor the automation can be started in live mode accidentally.
  4. Because the skill can place financial trades when enabled, treat autonomous invocation carefully and restrict who and what can invoke it.
  5. If the skill's source or origin is unknown, ask the publisher for provenance, or install only from a trusted source.
  If you want, I can list the exact lines in trader.py and clawhub.json that require the API key and the tunables.
Review Dimensions
- Purpose & Capability (concern): The skill's purpose (trading Polymarket markets) matches the code: trader.py uses a SimmerClient to discover markets and place trades. However, the registry-level metadata in the evaluation header claimed no required environment variables, while clawhub.json and trader.py require SIMMER_API_KEY and the pip dependency simmer-sdk. That metadata mismatch is a meaningful inconsistency: the skill will fail or behave unexpectedly unless SIMMER_API_KEY is provided.
- Instruction Scope (ok): SKILL.md and trader.py limit actions to market discovery, position sizing, and trade execution; they do not instruct the agent to read arbitrary system files or exfiltrate unrelated secrets. The skill expects the agent to supply "alpha" signals, but the runtime instructions and code do not request unrelated system data.
- Install Mechanism (note): There is no explicit platform install script, but clawhub.json declares a pip dependency (simmer-sdk). Installing a public pip package is a common, moderate-risk mechanism and is acceptable if you trust simmer-sdk. There are no downloads from arbitrary URLs and no obfuscated install steps in the provided files.
- Credentials (concern): The code requires SIMMER_API_KEY (os.environ["SIMMER_API_KEY"]) to create a SimmerClient, and clawhub.json also lists SIMMER_API_KEY as a required env var. That credential is proportionate for a trading bot, but the top-level Requirements reported earlier stated no required env vars, which is a discrepancy. The skill also reads and honors SIMMER_* tunables (non-secret risk limits); those are expected but should be reviewed. Limit the API key's scope and permissions before provisioning it.
- Persistence & Privilege (note): always:false (good). The skill is automaton-managed (clawhub.json automaton.entrypoint -> trader.py) and can run autonomously, which is expected for a trading skill. It defaults to paper trading (venue='sim'), and real trades require an explicit --live flag; but when invoked in live mode it can execute real trades with the provided API key, which carries financial risk and a larger blast radius than non-financial skills.
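The two checks the Guidance section asks for (reconcile registry metadata against the skill manifest before installing, and make sure the trader cannot drift into live mode without an explicit request) are shown below as an added example. This is not the scanner's code nor the skill's own trader.py. The clawhub.json field names (requiredEnv, dependencies.pip, automaton.entrypoint, always), the registry metadata shape, and the confirmation variable SIMMER_LIVE_CONFIRM are assumptions for illustration; only SIMMER_API_KEY, simmer-sdk, trader.py, always:false and the --live flag are taken from the review.

```python
"""Added example, not part of the ClawScan review or the skill: cross-check
registry metadata against the skill manifest, then gate live trading behind
two explicit signals (the --live flag and an assumed SIMMER_LIVE_CONFIRM=1)."""
import argparse
import json

# Constructed sample manifest. The review says clawhub.json requires
# SIMMER_API_KEY, depends on pip package simmer-sdk, points the automaton at
# trader.py and sets always:false; the field layout here is an assumption.
SAMPLE_CLAWHUB_JSON = """
{
  "name": "polymarket-science-milestones-trader",
  "version": "0.0.3",
  "always": false,
  "requiredEnv": ["SIMMER_API_KEY"],
  "dependencies": {"pip": ["simmer-sdk"]},
  "automaton": {"entrypoint": "trader.py"}
}
"""

# Constructed registry metadata reproducing the mismatch the review found:
# the registry header declared no required environment variables.
SAMPLE_REGISTRY_METADATA = {
    "requiredEnv": [],
    "dependencies": {"pip": ["simmer-sdk"]},
}


def load_sample_manifest() -> dict:
    """Parse the constructed manifest above."""
    return json.loads(SAMPLE_CLAWHUB_JSON)


def find_metadata_mismatches(manifest: dict, registry: dict) -> list[str]:
    """Return findings where the manifest and the registry metadata disagree
    on required env vars or pip dependencies, plus a note if always:true."""
    findings = []
    manifest_env = set(manifest.get("requiredEnv", []))
    registry_env = set(registry.get("requiredEnv", []))
    for var in sorted(manifest_env - registry_env):
        findings.append(f"env {var} required by manifest but absent from registry metadata")
    for var in sorted(registry_env - manifest_env):
        findings.append(f"env {var} listed in registry metadata but not required by manifest")
    manifest_pip = set(manifest.get("dependencies", {}).get("pip", []))
    registry_pip = set(registry.get("dependencies", {}).get("pip", []))
    for pkg in sorted(manifest_pip ^ registry_pip):
        findings.append(f"pip dependency {pkg} declared in only one of manifest/registry")
    if manifest.get("always") is True:
        findings.append("always:true means the skill is loaded unconditionally")
    return findings


def decide_mode(argv: list[str], environ: dict) -> tuple[str, list[str]]:
    """Pick the trading venue for a launch. Paper mode ('sim') is the default.
    Live mode needs --live, the assumed SIMMER_LIVE_CONFIRM=1, and the API key;
    if anything is missing the launcher falls back to sim and says why."""
    parser = argparse.ArgumentParser(add_help=False)
    parser.add_argument("--live", action="store_true")
    args, _ = parser.parse_known_args(argv)
    if not args.live:
        return "sim", ["--live not given; paper trading"]
    reasons = []
    if environ.get("SIMMER_LIVE_CONFIRM") != "1":
        reasons.append("SIMMER_LIVE_CONFIRM=1 not set")
    if not environ.get("SIMMER_API_KEY"):
        reasons.append("SIMMER_API_KEY missing")
    if reasons:
        return "sim", reasons
    return "live", ["--live flag and SIMMER_LIVE_CONFIRM=1 both present"]


if __name__ == "__main__":
    for finding in find_metadata_mismatches(load_sample_manifest(), SAMPLE_REGISTRY_METADATA):
        print("finding:", finding)
    # A bare --live with only the key present still lands in paper mode.
    print(decide_mode(["--live"], {"SIMMER_API_KEY": "redacted"}))
```

Run against the constructed inputs, the mismatch check reports exactly the discrepancy the review describes (SIMMER_API_KEY required by the manifest but missing from the registry metadata), and the launcher refuses live mode until both the flag and the confirmation variable are present. In a real deployment the same gate belongs in whatever wrapper the automaton runs, so that an agent passing --live on its own cannot trade with real funds.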
