Scan Report
10 /100
polymarket-sports-live-trader
Trades Polymarket prediction markets on sports championships, tournament outcomes, MVP awards, transfer windows, and season milestones.
A straightforward Polymarket sports trading script with clear documentation, paper-trading defaults, and no hidden or malicious behavior detected.
Safe to install
This skill is safe to use. Ensure SIMMER_API_KEY is treated as a high-value credential and never expose --live mode to untrusted environments.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file reads/writes in trader.py |
| Network | NONE | READ | ✓ Aligned | All network via simmer-sdk; ESPN API only in docs as optional remix idea |
| Shell | NONE | NONE | — | No subprocess, os.system, or shell execution in trader.py |
| Environment | READ | READ | ✓ Aligned | Reads SIMMER_API_KEY and SIMMER_* tunables (lines 37-44) |
| Skill Invoke | NONE | NONE | — | No skill invocation chains |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
1 findings
Medium External URL 外部 URL
https://site.api.espn.com/apis/site/v2/sports/ SKILL.md:63 File Tree
3 files · 17.4 KB · 440 lines Python 1f · 269L
Markdown 1f · 103L
JSON 1f · 68L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | * | pip | No | Version not pinned; known vendor (SpartanLabsXyz/Simmer Markets) |
Security Positives
✓ Paper trading is the safe default — real trades require explicit --live flag
✓ Autostart=false and cron=null prevent unattended execution
✓ All risk parameters are exposed as declared tunables in clawhub.json
✓ No subprocess, shell, or eval/exec usage anywhere in the codebase
✓ No sensitive file paths (~/.ssh, ~/.aws, .env) are accessed
✓ SKILL.md and trader.py are fully aligned — no hidden functionality
✓ No obfuscation, no base64 payloads, no anti-analysis techniques
✓ Financial safeguards: spread gate, days-to-resolution gate, flip-flop detection, slippage limits
✓ Credential (SIMMER_API_KEY) is properly scoped to the trading SDK