Simmer

The SKILL.md describes a prediction-market trading API (Polymarket/Kalshi) which legitimately needs an API key and, optionally, a wallet private key for local signing. However, the registry metadata lists no required environment variables or primary credential. Additionally, the top-level description emphasizes "self-custody wallets", yet the instructions state the default "Managed Wallet" uses server-side signing (server signs trades on your behalf). This is a material mismatch between marketing and the actual operational model.

The instructions explicitly tell agents/users to: register to receive an api_key and claim_url, export SIMMER_API_KEY, and (for external wallets) set WALLET_PRIVATE_KEY in the environment; call client.link_wallet(), set_approvals(), and perform trades that can auto-redeem or trigger risk exits. Those are high-sensitivity actions (fund transfers, transaction signing) and the instructions access and depend on secrets not declared in the registry. The doc also instructs installing dependencies (eth-account) and toggling auto-redeem behavior — all of which give the skill broad authority over funds and require trust.

No install spec or code files are present (instruction-only skill), which limits on-disk install risk. However, the SKILL.md recommends installing Python dependency 'eth-account' for external wallet flows; this runtime dependency is not declared in the registry install metadata. Instruction-only status reduces installer risk, but the implicit dependency should be declared.

The runtime instructions require sensitive environment values (SIMMER_API_KEY and WALLET_PRIVATE_KEY) and describe behavior that uses them (server-side signing for managed wallets; local signing with WALLET_PRIVATE_KEY). Yet the skill metadata lists no required env vars or primary credential. Requesting a private key in an environment variable is especially sensitive and should be explicit in the registry and justified; the absence of such declarations is disproportionate and inconsistent.

always:false (normal). The skill allows agent autonomous invocation (platform default), which combined with the ability to place trades and auto-redeem introduces operational risk: an autonomously-invoking agent could place financial transactions via this API. This is a normal platform behavior but users should be aware of the blast radius when granting API keys or private keys.