Daily check-in pattern for Simmer agents. One API call returns portfolio, risk alerts, and opportunities across all venues. Use this in your heartbeat to kee...
Security Analysis
high confidenceThe skill's requirements and runtime instructions match its stated purpose (calling a Simmer briefing API using a single API key); nothing requested appears disproportionate or unrelated.
Name/description, SKILL.md, and clawhub.json consistently describe a read-only briefing call to Simmer and declare a single credential (SIMMER_API_KEY) and a single dependency (simmer-sdk). These requirements are proportionate to the stated purpose.
SKILL.md only instructs the agent to call the briefing endpoint, parse/display the returned fields, and respect rate limits. It does not ask the agent to read unrelated files, access other env vars, or transmit data to endpoints outside simmer.markets/docs and the API; it explicitly excludes trade execution and wallet setup.
There is no custom install script in the skill bundle; metadata lists a pip dependency (simmer-sdk) which matches the Python example in SKILL.md. Installing a pip package is the expected mechanism for this SDK-based skill.
Only SIMMER_API_KEY is required (declared as primaryEnv in SKILL.md and in clawhub.json). That single API key is appropriate for an API client that reads a user's briefing data.
The skill is not marked always:true, has no autostart/entrypoint, and does not request system-wide config changes or other skills' credentials.
Guidance
This skill appears coherent and read-only: it will call Simmer's briefing API using your SIMMER_API_KEY and present the results. Before installing: 1) confirm the SIMMER_API_KEY is legitimate and limited to read-only scope if possible, 2) verify the simmer-sdk package on PyPI (or the project repo) so you trust what will be installed, 3) avoid pasting long-lived keys directly into example code — prefer providing them via env vars, and 4) understand the skill does not execute trades but will surface sensitive portfolio info from your Simmer account to the agent's output, so grant access only if you trust the service and the agent.
Latest Release
v0.1.1
Address LLM scanner findings: remove cross-skill modification language (disable/resize), drop 'embed in your skill prompt' section, scope to single get_briefing API method, replace named cross-references with neutral scope statement.
More by @adlai88
Published by @adlai88 on ClawHub
