ClawHub

Polymarket Candle Momentum

v2.0.1

Trade Polymarket 5-minute crypto fast markets using 1-minute candle body analysis and volume surge detection from Binance. Scans BTC, ETH, SOL, XRP, BNB simu...

0· 88·0 current·0 all-time
by@mibayy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implemented behavior: it fetches Binance public klines and calls Simmer (via simmer_sdk and Simmer REST) to discover markets and optionally place trades. The declared pip deps and required SIMMER_API_KEY are appropriate for that purpose.
Instruction Scope
SKILL.md instructions align with the code's actions (dry-run by default, --live to trade, cron recommended). Minor documentation mismatch: SKILL.md states 'only SIMMER_API_KEY is read from the environment', but the code also reads optional CM_* config envvars and an optional TRADING_VENUE env var. These are configuration, not extra credentials.
Install Mechanism
No download/install script; dependencies are standard pip packages (simmer-sdk, requests) declared in clawhub.json. No archives or external installers are fetched by the skill itself.
Credentials
Only one required secret (SIMMER_API_KEY) is declared and used for Simmer API calls; other env vars read are configuration overrides (CM_* and TRADING_VENUE) and not additional credentials. This is proportionate to trading functionality.
Persistence & Privilege
The skill is not force-included (always: false) and automaton.managed is false. clawhub.json includes a cron suggestion, but the skill does not auto-execute by platform policy — user must run or schedule it. It does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it claims: read Binance public candles, evaluate a candle+volume signal, and call Simmer to find markets and (if you pass --live) place trades. Before using: 1) Treat SIMMER_API_KEY like any API secret — ensure the key's permissions and revoke it if compromised. 2) Prefer dry-run first and inspect logs/output to confirm behavior. 3) Review and pin the simmer-sdk package before installing (verify the package source and version). 4) If you will schedule it via cron, run it in an isolated environment with limited privileges and monitor activity (trading can lose real money). 5) Note the small doc/code mismatch: optional config env vars (CM_*, TRADING_VENUE) are read by the script even though SKILL.md emphasized only SIMMER_API_KEY; this is configuration-only, not extra credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk973mmhww4bap2cp7v5pbpnprx83aet5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments