ClawHub

Polymarket Twitter Sentiment Spike Trader

v1.0.2

Detects crisis and news spikes across other Polymarket markets and adjusts expected posting rates upward for post-count bins. Requires SIMMER_API_KEY and sim...

0· 64·0 current·0 all-time
by@diagnostikon
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (detect crisis signals and adjust post-count market bets) aligns with the code and SKILL.md: it queries Simmer/Polymarket markets, computes crisis multipliers, and sizes trades. The declared dependency (simmer-sdk) and required credential (SIMMER_API_KEY) are appropriate for a client SDK that reads a portfolio and places trades. Note: the top-level summary in the prompt briefly said "Required env vars: none", which contradicts the manifest and SKILL.md; the actual files require SIMMER_API_KEY.
Instruction Scope
SKILL.md and trader.py confine actions to Simmer/Polymarket operations (market discovery, signal computation, simulated or explicit live trades). The runtime instructions explicitly default to paper trading and require an explicit --live flag to execute real trades. The skill reads only SIMMER_API_KEY and SIMMER_* tunables and does not instruct reading unrelated system files or credentials.
Install Mechanism
This is instruction + code (no install spec). The manifest declares a PyPI dependency (simmer-sdk). Using a PyPI package is expected for an SDK but is a moderate-risk install vector compared with instruction-only skills; SKILL.md advises reviewing the simmer-sdk source before providing live credentials. No ad-hoc downloads or obscure URLs are present in the package files provided.
Credentials
The only required secret is SIMMER_API_KEY (trading authority), plus adjustable SIMMER_*-prefixed tunables for limits. These are proportionate to a trading skill. The skill uses those env vars consistently; it does not request unrelated service credentials or system secrets.
Persistence & Privilege
always is false, autostart is false and cron is null, so the skill does not force persistent or autonomous execution on install. disable-model-invocation is the platform default (false) but is not combined with other red flags. The skill calls apply_skill_config if available (only affects its own config) — acceptable.
Assessment
This skill appears coherent with its stated purpose, but review these before installing: - Provide only a paper-capable SIMMER_API_KEY while testing; do not expose a live-capable key in shared CI/agent environments. The skill requires an explicit --live flag for real trades, but a live API key in the environment could be misused if you later run with --live. - Inspect the simmer-sdk package source (the SKILL.md itself warns to review it) to ensure it only talks to expected Simmer/Polymarket endpoints and has no surprising behavior. - Note the minor manifest inconsistency: the short header in the prompt said "Required env vars: none" but both clawhub.json and SKILL.md require SIMMER_API_KEY — trust the included files, not the earlier summary. - Keep tunables conservative (MAX_POSITION, MAX_POSITIONS, MIN_TRADE) until you validate performance in paper mode. - Rotate the SIMMER_API_KEY if you ever test live and then stop using the skill. If you want additional assurance, ask the publisher for a signed provenance link for the simmer-sdk PyPI release or run the code in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fg9yqddeanr7b3v8s7w5dp9846zgk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments