Cogdx Pre Trade Audit

Audited by ClawScan on May 10, 2026.

Overview

The skill's audit-and-trade behavior is mostly disclosed, but its metadata also declares an unexplained scheduled managed automaton wrapped around code that can place live trades.

Review or disable the scheduled automaton before installing. Only configure SIMMER_API_KEY if you intend to allow live trading, keep dry-run mode until you have added your own limits or confirmations, and avoid sending secrets in the trade reasoning text.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern: High Confidence
ASI10: Rogue Agents
What this means

The skill may run repeatedly after installation rather than only when you ask it to audit a trade.

Why it was flagged

The skill metadata declares recurring, managed background execution. That persistence is not described in SKILL.md, and it is attached to a financial trading script, which leaves the runtime scope unclear.

Skill content
"cron": "*/15 * * * *", "automaton": { "managed": true, "entrypoint": "cogdx_pre_trade_audit.py" }
Recommendation

Disable or remove the cron/automaton unless you explicitly want scheduled execution, and require per-trade user approval for any live trading.

What this means

If used with live mode, the skill can spend funds or create market positions based on the audit result.

Why it was flagged

The live trade path can mutate a real trading account. It is purpose-aligned and dry-run by default, but users should understand that passing --live places a real trade.

Skill content
if not live: ... "Dry-run: trade would execute. Pass --live for real trades." ... trade = client.trade(market_id=market_id, side=side, amount=amount, ...)
Recommendation

Use dry-run first, set conservative trade amounts, and add explicit confirmation or budget controls before enabling live trades.

What this means

A configured SIMMER_API_KEY may allow the skill to place trades through the connected provider.

Why it was flagged

The skill uses an environment API key to access a trading provider. This is expected for live trading and is disclosed in SKILL.md, but it is still delegated financial authority.

Skill content
SimmerClient(api_key=os.environ["SIMMER_API_KEY"], venue="polymarket")
Recommendation

Use a limited-scope or low-balance trading key if possible, and do not configure the key unless you intend to use live trading.

What this means

Your private trading rationale and optional wallet header may leave your local environment and be processed by an external service.

Why it was flagged

The user's trade reasoning is sent to the external Cerebratech/CogDx API for analysis. This is disclosed and purpose-aligned, but the trade thesis may be sensitive.

Skill content
requests.post(f"{_cogdx_base_url}/reasoning_trace_analysis", headers=headers, json={"trace": reasoning}, timeout=30)
Recommendation

Avoid including unnecessary secrets or sensitive account details in the reasoning text, and only use the service if you trust the provider.

What this means

Installing or running the skill may pull third-party code that participates in credentialed trading workflows.

Why it was flagged

The skill depends on pip packages without pinned versions. This is common for integrations, but dependency provenance matters here because the installed code runs with access to a trading API key.

Skill content
"requires": { "pip": ["simmer-sdk", "requests"], "env": ["SIMMER_API_KEY"] }
Recommendation

Verify dependency sources and versions before enabling the skill in an environment with trading credentials.