Scan Report
5 /100
polymarket-cybersecurity-trader
Trades Polymarket prediction markets on major cyberattacks, ransomware incidents, data breaches, zero-day exploits, and national cybersecurity legislation.
A legitimate Polymarket trading skill that reads environment variables for config, makes API calls via the simmer-sdk, and contains no shell execution, obfuscation, credential theft, or hidden functionality.
Safe to install
No action needed. The skill is safe to use with paper trading default.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | trader.py:1-405 — no file I/O operations |
| Network | READ | READ | ✓ Aligned | trader.py:58-64 — SimmerClient API calls only |
| Shell | NONE | NONE | — | trader.py:1-405 — no subprocess/os.system/os.popen calls |
| Environment | READ | READ | ✓ Aligned | trader.py:24-30 — reads SIMMER_* env vars for config only |
| Skill Invoke | NONE | NONE | — | No inter-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
File Tree
3 files · 31.1 KB · 617 lines Python 1f · 405L
Markdown 1f · 139L
JSON 1f · 73L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | * | PyPI | No | Version not pinned — minor supply chain noise only |
Security Positives
✓ Safe-by-default paper trading (venue=sim) with no auto-start
✓ Live trades require explicit --live flag — prevents accidental real trading
✓ No shell execution, subprocess, or system command calls
✓ No credential harvesting beyond SIMMER_API_KEY (required for trading API)
✓ No sensitive file/path access (~/.ssh, ~/.aws, .env)
✓ No obfuscation (base64, eval, atob) or anti-analysis techniques
✓ No hidden functionality — code behavior matches SKILL.md documentation
✓ No data exfiltration or C2 communication
✓ No cron/scheduled task persistence hooks
✓ Explicit API key requirement is documented and necessary for the trading function