Scan Report
5 /100
polymarket-24h-geopolitics-cluster-trader
Trades logical inconsistencies in geopolitical event clusters on Polymarket using the simmer-sdk. Detects monotonicity, correlation, and prerequisite-chain violations in strike-count, daily-military-action, and bilateral markets.
A straightforward Polymarket cluster arbitrage trading script using the simmer-sdk. No shell execution, no sensitive file access, no obfuscation, and no undeclared network calls. All behavior is fully documented in SKILL.md.
Safe to install
Approve for use. The skill is safe: paper trading is the default, the external dependency (simmer-sdk) is declared, and the only credential accessed is SIMMER_API_KEY used exclusively for Polymarket trading via the SDK.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Environment | NONE | READ | ✓ Aligned | trader.py:34-42,60 — reads SIMMER_* tunables and SIMMER_API_KEY, all declared in… |
| Shell | NONE | NONE | — | trader.py — no subprocess, no shell commands, no curl/wget |
| Filesystem | NONE | NONE | — | trader.py — no file reads or writes beyond the script itself |
| Network | NONE | READ | ✓ Aligned | trader.py:19 — uses simmer-sdk (declared in SKILL.md & clawhub.json) which wraps… |
File Tree
3 files · 31.7 KB · 800 lines Python 1f · 594L
Markdown 1f · 119L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | unpinned | pip | No | Dependency declared in SKILL.md and clawhub.json but version not pinned in requirements; this is a known-trading-platform SDK with no known vulnerabilities |
Security Positives
✓ Paper trading (venue="sim") is the hard default; --live flag required for real trades
✓ No shell execution, subprocess, or system command invocation
✓ No sensitive file or path access (~/.ssh, ~/.aws, .env, etc.)
✓ os.environ reads are limited to SIMMER_* prefixed variables and SIMMER_API_KEY — no environment variable iteration
✓ No obfuscation: no base64, eval, exec, or encoded payloads
✓ All behavior is clearly documented in SKILL.md with safety tables and parameter declarations
✓ Safeguards implemented: flip-flop detection, slippage checks, spread/days gates, position limits
✓ External dependency (simmer-sdk) declared in both SKILL.md and clawhub.json