ClawHub

Polymarket Twitter Bin Decay Trader

v1.0.3

Trades post-count bin markets by tracking elapsed time to identify mathematically dead bins that still hold residual probability. Requires SIMMER_API_KEY and...

0· 54·0 current·0 all-time
by@diagnostikon
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, declared requirements (SIMMER_API_KEY, simmer-sdk), clawhub.json tunables and the included trader.py are coherent for a Polymarket/Simmer trading skill. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and trader.py limit actions to finding markets, computing signals, and executing trades via the Simmer SDK. The README explicitly defaults to paper mode and requires an explicit --live flag for real trades. SKILL.md mentions optional remixing to use the Twitter API or scrapers — that would expand scope and require additional credentials and network access, but those are optional notes rather than enforced behavior.
Install Mechanism
No installer downloads arbitrary archives; dependency is the simmer-sdk (PyPI) which is declared in both SKILL.md and clawhub.json. Skill is instruction-only with an included Python file—no remote install URLs or extract operations present.
Credentials
Only SIMMER_API_KEY and SIMMER_-prefixed tunables are used, which is proportionate for a trading skill. No unrelated secrets (AWS keys, Twitter tokens, etc.) are required by default.
Persistence & Privilege
always is false, autostart is false, and the automaton is managed but default cron is null; the skill does not demand permanent/global privileges. Autonomous invocation is allowed by platform default but not elevated by this skill.
Assessment
This skill appears to do what it says and asks only for the Simmer API key and related tunables. Before installing: (1) Review the simmer-sdk source (PyPI/GitHub) to verify it does not log or exfiltrate your API key or perform unexpected network calls. (2) Test strictly in paper mode (omit --live) and keep autostart/cron disabled until you confirm behavior. (3) Do not place a live-capable SIMMER_API_KEY in shared or CI environments; use a limited or test key if possible. (4) If you or the skill add Twitter scraping or the Twitter API, expect additional credentials and broader data access — audit any scraper code and rate-limiting/network behavior. (5) Limit MAX_POSITION and other tunables before enabling live trading and monitor logs and transactions closely on first runs. If you want higher assurance, provide the full (untruncated) trader.py for a complete code review or audit the simmer-sdk package referenced.

Like a lobster shell, security has layers — review code before you run it.

latestvk975w179avk4k4vyans19q5qgd846k93

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments