ClawHub

Polymarket Candle Momentum

v2.0.0

Trade Polymarket 5-minute crypto fast markets using 1-minute candle body analysis and volume surge detection from Binance. Scans BTC, ETH, SOL, XRP, BNB simu...

2· 148·0 current·0 all-time
by@mibayy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise to trade Polymarket fast markets using Binance candle data; the package requires only simmer-sdk and requests and reads SIMMER_API_KEY. The code fetches Binance public klines and calls Simmer APIs to discover markets and (when --live) place trades. The requested dependencies and credential are proportionate to the stated purpose.
Instruction Scope
SKILL.md and the script limit operations to fetching public Binance klines, calling Simmer endpoints, computing signals, and calling SimmerClient.trade() in live mode. Minor discrepancies: the script reads an optional TRADING_VENUE env var (not documented in SKILL.md), and clawhub.json includes a cron schedule while automaton.managed is false (the README also says not auto-executing). These are configuration/metadata inconsistencies to clarify but don't indicate malicious behavior.
Install Mechanism
No install script; dependencies are standard pip packages (simmer-sdk, requests) declared in clawhub.json and SKILL.md. No external downloads, obfuscated installers, or archive extraction are present.
Credentials
Only SIMMER_API_KEY is required and declared; the script also supports documented CM_* override env vars for tuning. It also reads TRADING_VENUE (undocumented) and will include the API key in Authorization headers when calling Simmer REST endpoints. This is expected for a trading integration, but users should be aware TRADING_VENUE is an additional optional env var and should confirm its use.
Persistence & Privilege
The skill does not request always:true and automaton.managed is false (no autonomous execution). However, clawhub.json contains a cron field (*/2 * * * *) which suggests the publisher expects periodic invocation; this contradicts the 'not auto-execute' claim and should be clarified. The skill does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: calculate 1m candle signals from Binance and place trades via Simmer when run with --live. Before installing: (1) Review and keep SIMMER_API_KEY secret — avoid embedding it plaintext in global crontabs; prefer a secure environment or a secrets manager. (2) Run in dry-run first to verify signals and behavior. (3) Confirm you trust the simmer-sdk package and the Simmer API endpoints; consider creating a restricted API key if Simmer supports scoped keys. (4) Clarify the two minor inconsistencies: the cron field in clawhub.json (implies periodic runs) and the undocumented TRADING_VENUE env var. (5) If you will run this on a server, inspect the full (untruncated) script to ensure the live path calls SimmerClient.trade() only in intended ways and that there are no further hidden network destinations.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bta6qz3z7p2ak8vve2085kx839dzm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments