Scan Report
5/100
polymarket-emerging-tech-trader
Trades Polymarket prediction markets on Web3/DeFi, metaverse, robotics, quantum computing, and synthetic biology markets
A legitimate Polymarket paper-trading skill with well-documented safe-by-default behavior, no hidden functionality, and no suspicious security signals.
Safe to install
Safe to use. The skill defaults to paper trading and requires an explicit --live flag for real trades. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | trader.py - No file read/write operations |
| Network | NONE | NONE | — | trader.py - All network calls go through SimmerClient from simmer-sdk |
| Shell | NONE | NONE | — | trader.py - No subprocess, os.system, or shell execution |
| Environment | READ | READ | ✓ Aligned | trader.py:27-35 - Reads SIMMER_* env vars; SIMMER_API_KEY for auth |
| Skill Invoke | NONE | NONE | — | trader.py - No recursive skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No direct database access |
5 findings
| Severity | Type | Value | Location |
|---|---|---|---|
| Medium | External URL | https://defillama.com/ | SKILL.md:115 |
| Medium | External URL | https://quantum.ibm.com/ | SKILL.md:117 |
| Medium | External URL | https://gfi.org/ | SKILL.md:118 |
| Medium | External URL | https://www.coinglass.com/nft | SKILL.md:119 |
| Info | Email address | [email protected] | SKILL.md:171 |
File Tree
3 files · 19.2 KB · 485 lines
Python 1f · 239L
Markdown 1f · 173L
JSON 1f · 73L
├─ clawhub.json (JSON)
├─ SKILL.md (Markdown)
└─ trader.py (Python)
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| simmer-sdk | latest (PyPI) | pip | No | Official SDK from Simmer Markets; not version-pinned in clawhub.json |
Security Positives
✓ Paper trading is the safe default (venue='sim'), explicitly documented in SKILL.md and trader.py
✓ Live trading requires explicit --live flag — cannot be triggered silently by automation
✓ No subprocess, os.system, or any shell execution — all logic is pure Python
✓ No filesystem read/write operations — no file manipulation of any kind
✓ No direct network requests — all API calls go through the official SimmerClient SDK
✓ No sensitive path access (~/.ssh, ~/.aws, .env beyond declared SIMMER_API_KEY)
✓ No obfuscation (no base64, no eval, no exec, no encoded payloads)
✓ Cron is explicitly set to null and autostart is false — automaton does not auto-run
✓ Clear documentation of all tunable risk parameters
✓ API key is only used for authentication to the Simmer platform — not exfiltrated