← Back to Skills Marketplace
118
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install polymarket-sniper-bot-standalone
Description
An autonomous trading agent for Polymarket (Polygon). Scans 15-minute markets for momentum and trades automatically. Includes dashboard, simulation mode, and...
Usage Guidance
This package looks like a real Polymarket sniper bot, but several things don't add up and you should be cautious:
- Secrets and configuration: The bot needs a polygon RPC URL, wallet_private_key, and Polymarket CLOB API keys (these live in config.yaml). Do NOT put real/mainnet funds or your primary wallet private key in config.yaml until you fully trust the code — test with a burner wallet. The registry metadata did not declare these envs/credentials, so assume the publisher omitted them by mistake or intentionally.
- License / remote contact: The code will POST PRO_LICENSE_KEY to LICENSE_SERVER to validate a 'Pro' license. This env var and server are not documented in the registry metadata. If you set a non-local LICENSE_SERVER it will transmit the PRO key over the network (note default is http:// not https). Only set PRO_LICENSE_KEY and LICENSE_SERVER if you trust the destination; otherwise leave unset (the code then runs in simulation mode).
- Bootstrap risks: bootstrap.sh runs pip3 install -r requirements.txt with --break-system-packages and unpinned packages. That can modify your system Python environment. Prefer installing inside a controlled virtualenv, container, or isolated VM; consider pinning package versions and auditing dependencies before installing.
- Dashboard exposure: The Flask dashboard listens on 0.0.0.0:5000 by default. Do not expose this port to the public internet; restrict access (firewall, SSH tunnel) if you run it on a remote server.
- Incoherent docs vs behavior: DEPLOYMENT.md says enable live_trading via config.yaml, but the code gates live trading by validating a PRO license. Clarify this mismatch with the author before trusting 'live' mode.
Recommended steps before running with real funds:
1) Review config.yaml.example and the code paths that send external requests (LICENSE_SERVER, GAMMA_API, CLOB_API, Discord webhook). 2) Run in simulation mode with a burner wallet and watch behavior. 3) Run inside an isolated environment (container/VM/virtualenv) and pin dependencies. 4) Consider replacing or validating LICENSE_SERVER with a safe value (or unset PRO_LICENSE_KEY). 5) If unsure about the source (homepage unknown), prefer not to run with real keys/funds.
Capability Analysis
Type: OpenClaw Skill
Name: polymarket-sniper-bot-standalone
Version: 1.0.1
The Polymarket Sniper Bot exhibits several high-risk discrepancies and dangerous behaviors. Most notably, there is a significant contradiction between the documentation and the implementation: while DEPLOYMENT.md and TROUBLESHOOTING.md instruct users to enable live trading via 'pro_mode' or 'live_trading' flags in config.yaml, the code in polymarket.py ignores these and instead enforces a license check against a LICENSE_SERVER (defaulting to localhost:8080) using a PRO_LICENSE_KEY environment variable. Furthermore, polymarket.py contains a dangerous fallback in calculate_momentum() that mocks a 3% price gain if API data is unavailable, which would trigger automated trades on every scanned market during API failures. Finally, the bootstrap.sh script uses the aggressive --break-system-packages flag, which can compromise the host's Python environment.
Capability Assessment
Purpose & Capability
The files (polymarket.py, dashboard, db, bootstrap, agent.yaml) align with the stated purpose (autonomous Polymarket trading + dashboard). However registry metadata declares no required env vars or credentials while the code expects a config.yaml containing wallet_private_key, polygon_rpc_url, clob_api_key/secret/passphrase and the runtime uses an environment PRO_LICENSE_KEY and LICENSE_SERVER — these credentials are necessary for the bot to function but are not declared in metadata, which is an incoherence.
Instruction Scope
SKILL.md and DEPLOYMENT instruct users to run bootstrap.sh and start the dashboard and mention enabling live_trading via config.yaml, but the runtime enforces live mode via a PRO license (validate_pro_license() reads PRO_LICENSE_KEY and contacts LICENSE_SERVER). That discrepancy (config flag vs env/license gating) is inconsistent. The runtime will make multiple external network calls (Gamma API, CLOB API, optional Discord webhook, and the LICENSE_SERVER) and can place real trades if live — these network/external interactions are within the bot's purpose but the license check/contact to an external server is unexpected from the docs and could expose a provided PRO key.
Install Mechanism
There is no formal install spec in the registry, but the included bootstrap.sh performs pip3 install -r requirements.txt with the flag --break-system-packages (bypassing PEP 668 protections). Dependencies are unpinned (no versions/hashes). Network install via pip is normal for Python but unpinned packages + --break-system-packages increases risk and surprises system-managed Python environments.
Credentials
A trading bot legitimately needs an RPC URL, wallet private key, and exchange/API credentials (these are referenced in docs and config.yaml), so keys in config.yaml are proportionate. However: 1) PRO_LICENSE_KEY and LICENSE_SERVER are used from environment variables but are not declared in the registry's required envs; 2) LICENSE_SERVER defaults to an HTTP endpoint (http://localhost:8080) and the code POSTs the PRO key to it — if the server URL is changed to an external host this would transmit your PRO key (and could be used to gate live trading). The registry metadata omission and external license call are disproportionate/unexpected telemetry surface.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes config.yaml (from example) and creates sniper.db in the working directory; agent.yaml contains cron tasks for OpenClaw but these are only registered if the user runs the openclaw commands. The bootstrap script's system-bypass pip flag can affect system Python packages — a modest privilege/risk that users should be aware of.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install polymarket-sniper-bot-standalone - After installation, invoke the skill by name or use
/polymarket-sniper-bot-standalone - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Removed pro upgrade links and Gumroad purchase references from documentation
Metadata
Frequently Asked Questions
What is Polymarket Sniper Bot (Standalone)?
An autonomous trading agent for Polymarket (Polygon). Scans 15-minute markets for momentum and trades automatically. Includes dashboard, simulation mode, and... It is an AI Agent Skill for Claude Code / OpenClaw, with 118 downloads so far.
How do I install Polymarket Sniper Bot (Standalone)?
Run "/install polymarket-sniper-bot-standalone" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Polymarket Sniper Bot (Standalone) free?
Yes, Polymarket Sniper Bot (Standalone) is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Polymarket Sniper Bot (Standalone) support?
Polymarket Sniper Bot (Standalone) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Polymarket Sniper Bot (Standalone)?
It is built and maintained by wjs829 (@wjs829); the current version is v1.0.1.
More Skills