Polymarket Social Trends Trader
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a disclosed Polymarket trading bot, but its real-money mode, sensitive API key use, and unpinned trading SDK create enough risk that it should be reviewed carefully before use.
Use this only in paper mode until you have verified the simmer-sdk dependency and the live/sim mode handling. If you enable live trading, use a dedicated limited API key, keep low position limits, and monitor orders closely.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
In a reused runtime, a later action intended to be paper trading could potentially continue using a live trading client after a prior live run.
The client is a process-wide singleton. If initialized in live mode, later calls in the same process do not re-check or downgrade the venue when live=false, which weakens the stated control boundary for real-money trading.
_client: SimmerClient | None = None ... if _client is None: venue = "polymarket" if live else "sim" ... return _client
Use separate clients for sim and live venues, assert the current venue before every order, and require an explicit confirmation or fresh initialization for live trading.
A changed or compromised dependency could alter trading behavior or mishandle the API key.
The required SDK is not version-pinned or hash-pinned, and it is the component that will receive the API key and perform trading-related operations.
"requires": { "env": [ "SIMMER_API_KEY" ], "pip": [ "simmer-sdk" ] }Pin the SDK to a reviewed version, provide a lockfile or hash, and document the dependency provenance before using live funds.
A mis-scoped or exposed API key could allow trading activity on the connected account.
The skill authenticates with a Simmer API key and can select the Polymarket venue when live mode is enabled. This is purpose-aligned, but it is sensitive account authority.
api_key=os.environ["SIMMER_API_KEY"], venue=venue
Use a dedicated, revocable key with the minimum needed permissions, keep balances low, and monitor live trading logs.
If enabled, the skill may run trading logic as an automated process rather than a one-off manual command.
The skill is set up as a managed automaton, which is expected for a trading bot, but the manifest does not autostart it or schedule cron execution.
"cron": null, "autostart": false, "automaton": { "managed": true, "entrypoint": "trader.py" }Keep autostart disabled unless intentionally using the bot, start in paper mode, and use conservative position limits.