Scan Report
5 /100
polymarket-ladder-social-posts-trader
Trades distribution-sum violations in social media post-count range markets on Polymarket
Clean trading skill with transparent Polymarket API integration, paper-trading safeguards, and full doc-to-code alignment.
Safe to install
No action required. This skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md is documentation only; no writes to disk in trader.py |
| Network | READ | READ | ✓ Aligned | All network activity routed through simmer-sdk SimmerClient; no raw sockets or d… |
| Shell | NONE | NONE | — | No subprocess, os.system, or shell commands; safe_print uses print() only |
| Environment | READ | READ | ✓ Aligned | os.environ used only for SIMMER_* tunables (declared in SKILL.md Table 2 and cla… |
| Skill Invoke | NONE | NONE | — | No skill invocation chains |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
File Tree
3 files · 28.3 KB · 734 lines Python 1f · 520L
Markdown 1f · 127L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | * | pip | No | Version not pinned; direct PyPI dependency from SpartanLabsXyz/Simmer Markets |
Security Positives
✓ Paper trading (venue=sim) by default — zero financial risk without --live flag
✓ All environment variables declared in both SKILL.md (Table 2) and clawhub.json tunables
✓ Simmer safeguards: flip-flop detection, slippage checks, max spread/liquidity/volume filters
✓ Threshold gates (YES_THRESHOLD/NO_THRESHOLD) prevent trading at unfavorable prices
✓ No subprocess, os.system, shell commands, or base64/eval
✓ No credential harvesting beyond the declared SIMMER_API_KEY used only for SimmerClient auth
✓ No sensitive path access (~/.ssh, ~/.aws, .env files)
✓ No obfuscation, hidden instructions, or C2 indicators
✓ Dependency: simmer-sdk only (pinned from PyPI), no untrusted third-party packages
✓ apply_skill_config is a documented Simmer runtime method, not a security concern
✓ Full doc-to-code alignment: every os.environ read, client call, and parameter is documented