Scan Report
5/100
polymarket-onlyfans-trader
Trades Polymarket markets on OnlyFans — celebrity join events, platform bans/restrictions, and creator earnings — using three structural mispricings. Paper-trading safe by default.
A legitimate Polymarket prediction-market trading skill built on the official simmer-sdk; no malicious behavior, obfuscation, credential theft, or undeclared capabilities detected.
Safe to install
No immediate action needed. Verify the simmer-sdk package authenticity (import only from pypi.org) before production use. Ensure SIMMER_API_KEY is stored securely (e.g., vault or secrets manager) and never committed to version control.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | trader.py: reads no external files beyond its own source |
| Network | READ | READ | ✓ Aligned | trader.py: uses SimmerClient which communicates with Polymarket API — declared i… |
| Shell | NONE | NONE | — | No subprocess, os.system, or shell execution found |
| Environment | READ | READ | ✓ Aligned | trader.py: reads SIMMER_API_KEY and 7 SIMMER_* tunables from os.environ — all de… |
| Skill Invoke | NONE | NONE | — | No inter-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
File Tree
3 files · 32.8 KB · 778 lines
Python 1f · 527L
Markdown 1f · 172L
JSON 1f · 79L
├─ clawhub.json (JSON)
├─ SKILL.md (Markdown)
└─ trader.py (Python)
Dependencies (1 item)
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| simmer-sdk | latest (unpinned in source) | pypi | No | No version pin in source; clawhub.json declares pip requirement without version specifier. Recommend pinning to a specific version for reproducibility. |
Security Positives
✓ No shell execution, subprocess, os.system, or any form of arbitrary command invocation
✓ No base64-encoded strings, eval(), exec(), or dynamic code generation
✓ No obfuscation techniques (obfuscated strings, dead code, steganography)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, credentials store)
✓ No environment variable enumeration (no os.environ iteration for secrets)
✓ No outbound data exfiltration, C2 communication, or external IP contacts beyond Polymarket API
✓ No suspicious downloads or remote script execution (curl|bash, wget|sh)
✓ No hidden functionality: all logic (market classification, bias multipliers, signal computation) is straightforward and matches documentation
✓ Safe default behavior: paper trading (venue='sim') without --live flag, confirmed in SKILL.md and implemented in trader.py:285
✓ Explicit autostart:false and cron:null in clawhub.json — no automatic execution
✓ Only one external dependency: simmer-sdk from PyPI, with declared pip requirement in clawhub.json
✓ All tunable parameters (8 risk parameters) are declared in both SKILL.md and clawhub.json
✓ No typosquatting risk: dependency name is specific ('simmer-sdk') and version is implicitly pinned by PyPI resolution