Polymarket Fast Loop

The skill's code and SKILL.md clearly require a Simmer API key and (for live trading) a wallet private key to sign orders. clawhub.json lists SIMMER_API_KEY and a pip dependency (simmer-sdk), but the top-level registry summary showed no required env vars and no primary credential. The omission of WALLET_PRIVATE_KEY from the declared requirements is an inconsistency — live trading legitimately needs signing credentials, but the metadata does not fully reflect that.

SKILL.md instructs the agent to ask for and store a wallet private key in the environment and to run the script on a cron loop. Those instructions are directly relevant to trading, but they also surface highly sensitive operations (storing and using a private key) and the skill asks to run automated, periodic live trades. The instructions do not describe any secure key-handling alternatives (hardware wallet, remote signing, or ephemeral signing).

This is instruction-only with an included Python script and a declared pip dependency on simmer-sdk (in clawhub.json). There is no download-from-URL or obscure install step in the manifest. Risk from installation is low provided dependencies are installed from trusted registries.

Requiring SIMMER_API_KEY and a wallet private key is proportionate to a skill that executes trades, but the private key is highly sensitive and is not declared in the registry metadata (clawhub.json only lists SIMMER_API_KEY). The SKILL.md explicitly asks users to store WALLET_PRIVATE_KEY in the environment, which is risky without guidance on secure handling. There is also a minor mismatch between env var names used in code/config (e.g., SIMMER_* vs. SIMMER_FASTLOOP_*) and the metadata which could confuse users.

The skill is not set to always:true, autostart is false, and scheduling is user-driven (cron or OpenClaw cron). The skill can be invoked autonomously (normal for skills) but it does not request permanent elevated platform presence. That limits blast radius if misconfigured.