ClawHub

Polymarket Kalshi Divergence

v2.0.5

Cross-platform arbitrage between Kalshi and Polymarket. Monitors 13 Kalshi event series (crypto, macro, politics) and compares prices to equivalent Polymarke...

0· 153·0 current·0 all-time
by@mibayy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the script polls Kalshi public endpoints and uses SimmerClient to search Polymarket-equivalent markets and place trades. The declared dependency (SIMMER_API_KEY and simmer-sdk) is appropriate for interacting with Simmer, and requests is required to call Kalshi's API.
Instruction Scope
SKILL.md runtime instructions map exactly to what the code does: scan Kalshi, match via SimmerClient.find_markets(), compute divergence, and call SimmerClient.trade() only if run with --live. The instructions do not ask the agent to read unrelated local files or secrets beyond the declared SIMMER_API_KEY.
Install Mechanism
This is instruction-only with a small set of pip dependencies (simmer-sdk, requests) declared in clawhub.json; no arbitrary downloads or extract/install steps are present. Risk from installation is low if you trust the pip packages used.
Credentials
Only SIMMER_API_KEY (required) and optional trading/config env vars are requested, which is appropriate for placing trades via the Simmer service. Caution: an API key granting trading authority is powerful—ensure the key's permissions and trust in the Simmer provider are acceptable (e.g., whether it can place real trades or withdraw funds).
Persistence & Privilege
The skill is a managed automaton scheduled to run every 5 minutes (cron) per clawhub.json, but default behavior is dry-run. It does not set always:true. Ensure that automated runs won't be configured with live trading credentials/environment—otherwise it could autonomously place trades.
Assessment
This skill is internally consistent with its stated purpose, but before installing consider: (1) Only provide a SIMMER_API_KEY if you trust Simmer.markets and understand what that key can do (it can place trades). Prefer keys with least privilege or test keys. (2) By default the script is dry-run, but the --live flag or setting TRADING_VENUE to a non-sim venue enables real trades—ensure cron/automaton runs won't be given live credentials unintentionally. (3) Review the simmer-sdk package and Simmer's API docs/policy to confirm no unexpected privileges (withdrawals, account changes). (4) Run locally in dry-run mode first and inspect logs and the exact API calls made. If you need higher assurance, review the full SimmerClient implementation (not included here) to confirm where trade requests are sent and what permissions are required.

Like a lobster shell, security has layers — review code before you run it.

latestvk97733km796zyzp14d5zm1anx9838m7m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments