Scan Report
5 /100
polymarket-24h-nba-game-structure-trader
Trades structural inconsistencies across correlated NBA game markets on Polymarket by detecting cross-market mispricings
A legitimate Polymarket NBA game structure arbitrage trading skill with comprehensive documentation, safe-by-default paper trading mode, and no suspicious code patterns.
Safe to install
This skill is safe to use. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file read/write operations in trader.py |
| Network | NONE | READ | ✓ Aligned | Uses simmer-sdk SimmerClient for API calls; all network access is through docume… |
| Shell | NONE | NONE | — | No subprocess, os.system, or shell execution found |
| Environment | READ | READ | ✓ Aligned | Only reads SIMMER_API_KEY and tunable risk parameters (lines 44-52); no iteratio… |
| Skill Invoke | NONE | NONE | — | No skill invocation capability used |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
File Tree
3 files · 34.1 KB · 857 lines Python 1f · 631L
Markdown 1f · 139L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | * | pip | No | Version not pinned; SDK from Simmer Markets (SpartanLabsXyz) |
Security Positives
✓ Documentation is comprehensive and accurately describes all behavior
✓ Safe by default: paper trading (venue=sim) without --live flag
✓ Explicit --live flag required for real trades with clear warning in docs
✓ autostart=false and cron=null declared honestly in clawhub.json
✓ Credential scope is minimal: only reads SIMMER_API_KEY
✓ No credential harvesting: does not iterate os.environ for keys
✓ No obfuscation: code is readable, well-commented
✓ No shell execution: no subprocess, os.system, eval, or exec
✓ No sensitive path access: no ~/.ssh, ~/.aws, or .env file reading
✓ No network exfiltration: all API calls go through documented simmer-sdk
✓ Flip-flop and slippage safeguards implemented for trade safety