Polymarket Fast Loop

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This is openly a Polymarket trading bot, but it can run quietly on a schedule and place repeated real-money trades, so live use needs careful review.

Install only if you intentionally want an automated Polymarket trading bot. Start with dry-run mode, avoid live quiet loops until you set hard budget and stop limits, and protect the SIMMER_API_KEY like a financial credential.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run live, the agent or scheduler could repeatedly place USDC trades and incur losses or fees without the user seeing each decision.

Why it was flagged

The skill combines real-money trading with a quiet live execution example. The artifacts show per-trade sizing, but do not clearly define cumulative exposure, stop-loss, or per-trade approval requirements.

Skill content

All trades execute on Polymarket with real USDC. Use `--live` for real trades ... `* * * * * cd /path/to/skill && python fastloop_trader.py --live --quiet`

Recommendation

Keep dry-run enabled until the user explicitly approves live trading, and require clear limits such as maximum total exposure, maximum loss, end time, and visible trade confirmations.

Concern

High Confidence

ASI10: Rogue Agents

What this means

A live loop could continue trading across many market windows after the initial setup, potentially spending more than the user intended.

Why it was flagged

The documentation encourages persistent cron or heartbeat execution in live quiet mode. This is disclosed, but for real-money trading it creates unbounded ongoing autonomous activity unless the user adds external controls.

Skill content

The script runs **one cycle** — your bot drives the loop ... **Every 1 minute** ... `python fastloop_trader.py --live --quiet` ... **Via OpenClaw heartbeat:** Add to your HEARTBEAT.md

Recommendation

Do not add this to cron or heartbeat in live mode unless there is a documented stop condition, monitoring plan, and hard budget cap.

What this means

Anyone with access to the environment variable may be able to use the connected trading account through Simmer.

Why it was flagged

The script uses a bearer API key for Simmer requests. This is expected for the stated trading integration, but the key likely authorizes financial actions.

Skill content

key = os.environ.get("SIMMER_API_KEY") ... headers["Authorization"] = f"Bearer {api_key}"

Recommendation

Use a dedicated, least-privilege API key if available, store it securely, and rotate it if the environment or machine is shared.

What this means

The user has less external provenance to verify before trusting the trading logic with credentials and money.

Why it was flagged

The artifact provenance is limited. That is not malicious by itself, but it is important context for code that can trade real funds.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the included source code and publisher identity carefully before enabling live trading.