Scan Report
5 /100
polymarket-24h-price-curve-arb-trader
Trades structural mispricings in crypto price-threshold markets on Polymarket by reconstructing implied probability distribution curves across strike levels.
A legitimate Polymarket arbitrage trading bot using the simmer-sdk client; paper trading by default, no shell/network primitives, no credential exfiltration, and documentation matches implementation.
Safe to install
No action needed. The skill is a straightforward trading algorithm with appropriate safety defaults and no security violations.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | trader.py:1 — simmer_sdk.network calls only |
| Environment | READ | READ | ✓ Aligned | trader.py:32-42 — direct os.environ.get() for named vars only |
| Filesystem | NONE | NONE | — | No file I/O in trader.py |
| Shell | NONE | NONE | — | No subprocess/os.system calls in trader.py |
File Tree
3 files · 26.0 KB · 684 lines Python 1f · 475L
Markdown 1f · 122L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | unpinned | pip | No | No version constraint in clawhub.json; verify source is https://pypi.org/project/simmer-sdk/ before install |
Security Positives
✓ No shell or subprocess execution — all logic is pure Python
✓ No credential exfiltration — SIMMER_API_KEY is used only for SDK auth
✓ No iteration over os.environ — only named, declared environment variables are read
✓ Paper trading is the default (sim venue); live trading requires explicit --live flag
✓ autostart: false and cron: null — nothing runs automatically
✓ SDK client (simmer-sdk) handles all network I/O; no raw socket/curl usage
✓ No base64, obfuscation, or anti-analysis patterns
✓ Documentation (SKILL.md) accurately describes the implementation
✓ Skill name, author (Diagnostikon), and purpose are consistent across all files