Skill v0.1.0
ClawScan security
Polymarket Fast Loop Improved · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 24, 2026, 7:35 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's high-level trading purpose matches the single credential it requests (SIMMER_API_KEY), but the package is instruction-only yet references a missing Python entrypoint, and it enables autonomous live trading with a credential that likely grants trading authority. These inconsistencies and operational risks merit caution.
- Guidance: Do not install or run this skill until you verify provenance and code. Key points to check before use:
  - The skill package contains only instructions but references fastloop_improved.py as the runtime entrypoint; ask the publisher where that script comes from. Running an unknown script is risky.
  - Verify exactly what permissions SIMMER_API_KEY grants in simmer-sdk (trading-only vs withdrawals/config). Use a least-privilege test key if possible.
  - Start in paper mode only and run many automated paper trades (as the doc suggests) before any --live runs. Monitor outcomes and logs.
  - The skill writes fastloop_ledger.json locally; make sure you are comfortable with trade history being stored in that file, and check its location and permissions.
  - Be cautious about scheduling autonomous runs (cron/automaton). Autonomous trading combined with a live-capable API key can cause financial loss if misconfigured or malicious.
  - Confirm the simmer-sdk package on PyPI is the official package and review its docs and permissions. Consider running the skill inside an isolated environment or VM and inspect any code before granting keys.
  - If you cannot verify the script origin or the key permissions, treat this skill as untrusted.
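The checks above can be mechanised as a wrapper that runs before the entrypoint. The following is an added example written for this review; it is not code from the skill, from simmer-sdk or from ClawHub's scanner. It assumes the file names the SKILL.md uses (fastloop_improved.py, fastloop_ledger.json), a ledger schema of a JSON list of trade objects with "mode" and "status" keys, a SHA-256 you pin after reading the script yourself, and a paper-trade threshold of 50; all four are assumptions to adjust to what the script actually does.

```python
"""Pre-flight guard for running fastloop_improved.py.

Added example for this review; not part of the skill, simmer-sdk or
ClawHub's scanner. It mechanises the guidance: the entrypoint must match a
SHA-256 pinned after reading the script, the ledger file must not be
group/world accessible, and --live is refused until the ledger shows enough
closed paper trades. The ledger schema and the threshold are assumptions.
"""
import hashlib
import hmac
import json
import os
import stat
import sys

ENTRYPOINT = "fastloop_improved.py"   # name taken from the SKILL.md
LEDGER = "fastloop_ledger.json"       # name taken from the SKILL.md
MIN_PAPER_TRADES = 50                 # assumed threshold, tune to taste
PINNED_SHA256 = "<fill in after reviewing the script>"  # placeholder, not a real hash

# Constructed sample ledger in the assumed schema (not real trade data).
SAMPLE_LEDGER = json.dumps([
    {"mode": "paper", "status": "closed", "pnl": 1.2},
    {"mode": "paper", "status": "closed", "pnl": -0.4},
    {"mode": "paper", "status": "open"},
    {"mode": "live", "status": "closed", "pnl": 3.0},
])


def verify_entrypoint_bytes(data: bytes, pinned_sha256: str) -> bool:
    """True only if the script bytes hash to the value pinned at review time."""
    digest = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(digest, pinned_sha256.lower())


def ledger_mode_is_private(mode: int) -> bool:
    """Trade history should be owner-only: no group or other permission bits."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def paper_trade_count(ledger_text: str) -> int:
    """Count closed paper trades; an unparseable or unexpected ledger counts as zero."""
    try:
        entries = json.loads(ledger_text)
    except json.JSONDecodeError:
        return 0
    if not isinstance(entries, list):
        return 0
    return sum(
        1 for e in entries
        if isinstance(e, dict) and e.get("mode") == "paper" and e.get("status") == "closed"
    )


def live_allowed(argv: list, paper_trades: int, minimum: int = MIN_PAPER_TRADES) -> tuple:
    """Paper runs always proceed; --live needs a paper track record first."""
    if "--live" not in argv:
        return True, "paper mode"
    if paper_trades < minimum:
        return False, f"--live refused: {paper_trades} closed paper trades, need {minimum}"
    return True, f"--live permitted after {paper_trades} paper trades"


def preflight(argv: list) -> list:
    """Run every check against the real files; return the list of blocking problems."""
    problems = []
    if not os.path.isfile(ENTRYPOINT):
        return [f"{ENTRYPOINT} is missing: the skill bundle ships no code"]
    with open(ENTRYPOINT, "rb") as f:
        if not verify_entrypoint_bytes(f.read(), PINNED_SHA256):
            problems.append(f"{ENTRYPOINT} does not match the pinned SHA-256; re-review it")
    paper = 0
    if os.path.exists(LEDGER):
        mode = stat.S_IMODE(os.stat(LEDGER).st_mode)
        if not ledger_mode_is_private(mode):
            problems.append(f"{LEDGER} mode {oct(mode)} is group/world accessible; chmod 600 it")
        with open(LEDGER, "r", encoding="utf-8") as f:
            paper = paper_trade_count(f.read())
    ok, reason = live_allowed(argv, paper)
    if not ok:
        problems.append(reason)
    return problems


if __name__ == "__main__":
    failures = preflight(sys.argv[1:])
    for p in failures:
        print("BLOCKED:", p, file=sys.stderr)
    if failures:
        sys.exit(1)
    # Every check passed: hand the original arguments to the real script.
    os.execv(sys.executable, [sys.executable, ENTRYPOINT, *sys.argv[1:]])
```

Point the cron entry at this guard instead of at the script (for example `python fastloop_guard.py` every 5 minutes, with `--live` only once you have deliberately added it), so an unreviewed script update, a leaky ledger file or a premature live run is refused rather than silently executed. The pinned hash has to be updated by hand every time you knowingly accept a new version of the script; that friction is the point.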
Review Dimensions
- Purpose & Capability (note): The skill claims to trade Polymarket fast markets and asks only for SIMMER_API_KEY (used by the simmer-sdk); that is plausible if the simmer service brokers Polymarket trades. It also relies on public Binance market data (candles, funding, L2 book), which typically does not require API keys. However, the SKILL metadata declares an entrypoint (fastloop_improved.py) and a pip dependency (simmer-sdk) but the skill bundle contains no code files, a mismatch between the claimed runtime and what is bundled.
- Instruction Scope (concern): The instructions tell the agent/user to pip install simmer-sdk, export SIMMER_API_KEY, run python fastloop_improved.py (paper by default, --live for real trades), and read/write a local ledger (fastloop_ledger.json). They also provide cron examples to run every 5 minutes. The instructions remain within the trading domain, but they assume a local Python script that is not included, and they direct filesystem writes and network access to external services for trading, including the possibility of live (real-money) trades.
- Install Mechanism (ok): There is no install spec from the registry and no files are written by the skill itself. The SKILL.md recommends 'pip install simmer-sdk', which is a normal package install. Because the skill is instruction-only, there is low direct install risk from the registry, but running the recommended pip install and executing external scripts (not provided) introduces runtime risk under user control.
- Credentials (note): Only SIMMER_API_KEY is required, which is proportionate to a brokered trading skill. However, the evaluator cannot confirm what permissions that key grants (trading only vs. transfers/withdrawals/config changes). The SKILL.md does not request or document any Polymarket-specific keys or Binance keys, which is plausible if simmer-sdk abstracts access, but the lack of explicit permission guidance is a concern.
- Persistence & Privilege (note): The skill is not marked 'always:true' and defaults to requiring invocation. Metadata shows an automaton entrypoint (managed=true), which implies it can be scheduled/managed by the platform if the entrypoint exists. Combined with the ability to run live trades via SIMMER_API_KEY, autonomous invocation or cron usage increases the operational risk. The bundle itself does not persist additional system-wide configuration.
