Polymarket Eth Midcandle
WarnAudited by ClawScan on May 10, 2026.
Overview
This is a disclosed Polymarket trading bot, but it can place unattended real-money trades and has marketing/safeguard inconsistencies that users should review carefully.
Treat this as high-risk financial automation. Before installing or running live, inspect the full Python file, verify the simmer-sdk dependency, run paper trading, confirm the exact market-selection behavior, reconcile the volume-filter default, set strict bet/account limits, and do not enable cron unless you are prepared for unattended real-money trades.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled live, the skill can spend USDC on Polymarket trades without asking before each order.
The skill can create a live trading client and submit Polymarket orders using the user's API key. That is expected for a trading bot, but it is a high-impact financial action and the artifacts do not show a per-trade human approval step beyond choosing live/cron mode.
def get_client(live=True): ... _client = SimmerClient(api_key=api_key, venue=venue, live=live) ... result = get_client().trade(market_id=market_id, side=side, amount=amount, ...)
Use paper mode first, set low bet limits, verify live-mode behavior in the full source, and require explicit human approval or strong account-side limits before unattended live trading.
The bot could trade an unintended ETH market if the provider returns unexpected active markets or ordering changes.
The visible market-selection logic uses a broad ETH search, a loose string check for "15", and then chooses the first candidate. Paired with live trading, this is an unclear scoping concern.
params={"status": "active", "q": "ETH", "limit": 20, "agent_id": POLY_AGENT_ID} ... candidates = [m for m in markets if "15" in m.get("question", "")] ... return candidates[0]Validate the exact market type, close time, asset, and contract identifiers before placing live orders, and show the selected market to the user before trading.
Users may over-trust the bot and enable live trading based on unverified performance claims.
The skill makes strong profitability claims for a real-money autonomous trading workflow, but the provided artifacts do not include supporting trade logs, backtests, or methodology.
"77%+ win rate. Real money. 400+ trades." ... "The result: 77%+ win rate on real money. Out of the box."
Treat the win-rate claims as marketing unless independently verified; run paper trading and compare results before risking funds.
A user may believe a documented safeguard is active when the packaged default disables it.
SKILL.md says volume confirms the move and lists a 1.1 default, while the packaged config sets the volume ratio default to 0.0, meaning the volume gate is disabled by default.
{"env": "SIMMER_ETHMC_VOL_RATIO", "type": "number", "default": 0.0, ... "label": "Min volume ratio (0 = disabled)"}Reconcile the documentation and packaged defaults before live use, and explicitly set the volume filter if relying on it.
Anyone or any process with this key may be able to access trading functions permitted by the provider.
The skill uses a Simmer API key to access the user's trading account. This is expected for the stated purpose, but it is sensitive delegated authority.
api_key = os.environ.get("SIMMER_API_KEY") ... _client = SimmerClient(api_key=api_key, venue=venue, live=live)Use the least-privileged key available, rotate it if exposed, and check provider-side limits before enabling live trading.
A future dependency change could affect trading behavior or account access.
The skill depends on an external SDK without a version pin. This is purpose-aligned, but important because that SDK handles the API-key trading path.
"requires": { "env": ["SIMMER_API_KEY"], "pip": ["simmer-sdk"] }Install from a trusted package source, pin and review the SDK version if possible, and avoid live trading until dependency provenance is acceptable.
The bot can keep trading after setup until the cron job or automaton is disabled.
The skill documents a cron setup that runs live trading every five minutes. This is disclosed and user-directed, but it creates persistent financial automation once enabled.
3,8,13,18,23,28,33,38,43,48,53,58 * * * * cd /path/to/skill && python eth_midcandle.py --live >> /var/log/eth-midcandle.log 2>&1
Only enable cron intentionally, monitor logs and account activity, and document how to stop or remove the scheduled job.