Scan Report
5 /100
polymarket-48h-sports-line-curve-trader
Trades structural mispricings in sports O/U markets by detecting probability curve violations on Polymarket
A legitimate Polymarket sports betting arbitrage trader with no malicious indicators; all capabilities match documented behavior and the skill safely defaults to paper trading.
Safe to install
No action needed. This skill is safe to use. The SIMMER_API_KEY credential access is declared and necessary for trading functionality.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file read/write operations in code |
| Network | READ | READ | ✓ Aligned | trader.py:284-290 client.find_markets() calls simmer-sdk which makes API calls |
| Shell | NONE | NONE | — | No subprocess/os.system/eval calls found |
| Environment | READ | READ | ✓ Aligned | trader.py:43-50 reads SIMMER_* env vars for configuration |
| Skill Invoke | NONE | NONE | — | No inter-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
File Tree
3 files · 24.6 KB · 678 lines Python 1f · 471L
Markdown 1f · 120L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | * | pip | No | Version not pinned; PyPI package from SpartanLabsXyz |
Security Positives
✓ No shell execution (subprocess, os.system, eval)
✓ No network calls to unknown external IPs
✓ No credential harvesting or exfiltration
✓ No base64 obfuscation or anti-analysis techniques
✓ Documentation accurately describes all functionality
✓ Safe paper trading default with explicit --live flag for real trades
✓ All dependencies declared in requirements (simmer-sdk)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No persistence mechanisms (cron, startup hooks)
✓ No prompt injection or jailbreak attempts