ClawHub

Polymarket Weather Bucket Thresholds

v1.0.0

Global temperature bucket threshold strategy via Simmer. Buy YES under 15%, sell full position at 45%, max ~$2 entries, max 5 trades/scan, every 2 minutes.

0· 294·0 current·0 all-time
by@oxsnosh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a Simmer-based Polymarket weather trading strategy; the code calls Simmer API endpoints (/markets, /context, /positions, /trade) and enforces the described entry/exit thresholds and scheduling. Required credential (SIMMER_API_KEY) matches the service used.
Instruction Scope
SKILL.md instructions are narrow and match the code: dry-run by default, use --live to place trades, run every 2 minutes, strict warnings enforced. The runtime code does not read unrelated files or environment variables and only communicates with api.simmer.markets.
Install Mechanism
clawhub.json requests pip install of 'simmer-sdk' which is a reasonable dependency for a Simmer integration, but trade.py uses the requests library and does not import simmer-sdk. Installing simmer-sdk is not harmful per se but appears unnecessary or leftover—verify the package source before install.
Credentials
Only SIMMER_API_KEY is required and the code explicitly reads that env var. No unrelated credentials, secret patterns, or config paths are requested or accessed.
Persistence & Privilege
always is false and the skill is scheduled (cron) to run every 2 minutes per manifest; autonomous invocation is allowed (platform default) but not combined with broad credentials or unusual privileges. The skill does not modify other skills or system-wide settings.
Scan Findings in Context
[no_findings] expected: Static pre-scan reported no injection signals. The only minor discrepancy is an unused pip dependency (simmer-sdk) declared in clawhub.json while trade.py uses requests directly; this is not flagged by the scanner but is noted here.
Assessment
This skill appears to do what it says: it queries Simmer and will place simulated or real trades if started with --live. Before installing, confirm the simmer-sdk package source (the manifest requests it) or remove that dependency if unnecessary. Limit the SIMMER_API_KEY's permissions if possible (use a key scoped to simulation or a low-privilege test account), test extensively in dry-run mode, and only enable --live after you are comfortable with behavior and rate limits. Also be aware the cron runs every 2 minutes by default—ensure you want that frequency and that your API quota allows it.

Like a lobster shell, security has layers — review code before you run it.

latestvk975f0nh81g2dmz340kr6gt13182djpx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments