Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Polymarket Spread Sniper

v1.2.0

Snipe mispriced markets by comparing Polymarket AMM price vs live CLOB orderbook midpoint. Buys the underpriced side when spread > 4% on liquid markets. Pure...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for prysm96/polymarket-spread-sniper.

Install the skill "Polymarket Spread Sniper" (prysm96/polymarket-spread-sniper) from ClawHub.
Skill page: https://clawhub.ai/prysm96/polymarket-spread-sniper
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install polymarket-spread-sniper

ClawHub CLI

npx clawhub@latest install polymarket-spread-sniper

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name, description, SKILL.md, clawhub.json, and spread_sniper.py all describe a Polymarket spread-arbitrage trading bot that uses the simmer-sdk and the Polymarket CLOB public API. That capability legitimately requires a Simmer API key and the simmer-sdk. However, the top-level registry summary (the 'Requirements' block provided to you) incorrectly listed no required environment variables; clawhub.json and the code require SIMMER_API_KEY. This metadata inconsistency is notable and reduces trust.
Instruction Scope
The instructions and code stay within the stated purpose: scanning markets, querying the public Polymarket CLOB API, and executing trades via the Simmer SDK. The SKILL.md explicitly shows dry-run and live modes; there are no obvious instructions to read unrelated local files or exfiltrate unrelated data. The code does use load_config/update_config from simmer_sdk which may persist local config — expected for a trading skill.
Install Mechanism
No platform install spec (archive download, etc.) is present in SKILL.md, reducing install-time risk. clawhub.json declares pip dependency ['simmer-sdk'] which the platform will likely install; pip packages are standard but can carry risk if the package name is untrusted or malicious. There are no obscure download URLs or extracted archives in the provided files.
Credentials
The skill requires a SIMMER_API_KEY (declared in clawhub.json, referenced in SKILL.md and code). That is proportionate to a trading bot, but it is a powerful credential (capable of placing real trades). The metadata mismatch (some top-level metadata said no env vars) is a red flag because it could mislead users into thinking no sensitive credential is needed. No other unrelated credentials are requested.
Persistence & Privilege
always:false (not force-installed). disable-model-invocation:false — the default — so an agent could autonomously invoke the skill if allowed; combined with a live SIMMER_API_KEY this enables placing trades without interactive confirmation. clawhub.json marks the automaton as managed with an entrypoint, which is expected. No evidence the skill modifies other skills or system-wide configs beyond its own config storage.
What to consider before installing
This looks like a legitimate Polymarket trading bot, but proceed carefully. Key points to consider before installing or running:

- SIMMER_API_KEY is required and gives the skill authority to place real trades. Do not supply a live key unless you intend it to trade autonomously. Prefer a test/paper key if available.
- The registry metadata you were shown initially omitted the required env var; that mismatch may be an oversight, but verify which metadata the platform will display to you before granting the key.
- Test in dry-run/paper mode first (python spread_sniper.py with no --live) and review logs/positions. The SKILL.md and code explicitly support a paper mode.
- Review/verify the simmer-sdk package (the pip dependency) — ensure it is the official package you expect (correct author, recent releases) before installing.
- Limit agent autonomy: if you don’t want the agent to trade without approval, ensure policy/permissions prevent automatic invocation with live mode or require explicit user confirmation for --live executions.
- If you plan to trust this skill for real funds, ask the publisher for provenance (homepage, repo, or maintainer contact) and a full audit of simmer-sdk and any config persistence behavior. If you cannot verify the source, treat it as risky.

Because of the metadata inconsistency plus the financial impact of a trading key, I rate this as 'suspicious' rather than 'benign'.

Like a lobster shell, security has layers — review code before you run it.

latest vk97d6qf62bbc7nq5c4gn0cvtcx841pp0
149 downloads
0 stars
2 versions
Updated 3w ago
v1.2.0
MIT-0

Polymarket Spread Sniper

This is a template. Buys the underpriced side when the CLOB midpoint diverges from the AMM price. No outcome prediction needed — pure spread arbitrage.

The Edge

Polymarket has two pricing mechanisms:

  1. AMM — pool-based price, slow to update
  2. CLOB — live orderbook, reflects real money

When they diverge by >4%, the AMM is mispriced. This skill buys the cheap side and profits when prices converge.

Quick Start

export SIMMER_API_KEY=sk_live_...

# Dry run (safe)
python spread_sniper.py

# Live trading
python spread_sniper.py --live

# Show positions
python spread_sniper.py --positions

Configuration

| Setting | Env Var | Default | Description |
| --- | --- | --- | --- |
| Min spread | SIMMER_SPREAD_MIN_SPREAD | 0.04 | Min bid-ask spread to trade (4¢) |
| Min volume | SIMMER_SPREAD_MIN_VOLUME | 5000 | Min 24h volume in USD |
| Max position | SIMMER_SPREAD_MAX_POSITION | 5.00 | Max USD per trade |
| Max trades/run | SIMMER_SPREAD_MAX_TRADES | 3 | Max trades per scan |
| Min price | SIMMER_SPREAD_MIN_PRICE | 0.10 | Never buy below 10¢ |
| Max price | SIMMER_SPREAD_MAX_PRICE | 0.90 | Never buy above 90¢ |
| Max hours | SIMMER_SPREAD_MAX_HOURS | 48 | Skip markets resolving >48h |
