Trusted — Risk Score 5/100
Last scan: 1 day ago
polymarket-macro-risk-regime-trader
Detects macro risk regimes across Polymarket categories and trades lagging markets. Paper trading by default.
A legitimate Polymarket macro risk regime trading bot that defaults to safe paper trading mode, uses a standard SDK, and has no malicious indicators.
Skill Name: polymarket-macro-risk-regime-trader
Duration: 30.8s
Engine: pi
Safe to install
This skill is safe to use. The paper trading default (venue="sim") ensures zero financial risk unless the explicit --live flag is passed.

Findings 1 item

Severity: Low
Finding: Unpinned dependency (Supply Chain)
simmer-sdk is not version-pinned in SKILL.md metadata, making builds non-reproducible
simmer-sdk by Simmer Markets (SpartanLabsXyz)
→ Consider pinning: simmer-sdk==X.Y.Z to ensure reproducible builds
Location: SKILL.md:95

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | | No filesystem operations in code |
| Network | READ | READ | ✓ Aligned | SDK calls to Polymarket API (read-only market data) |
| Shell | NONE | NONE | | No subprocess/shell invocation |
| Environment | READ | READ | ✓ Aligned | Reads SIMMER_* tunables only; SIMMER_API_KEY for auth |
| Skill Invoke | NONE | NONE | | No cross-skill invocation |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser automation |
| Database | NONE | NONE | | No database access |

File Tree

3 files · 22.8 KB · 565 lines
Python 1f · 364L JSON 1f · 103L Markdown 1f · 98L
├─ 📋 clawhub.json JSON 103L · 2.2 KB
├─ 📝 SKILL.md Markdown 98L · 6.1 KB
└─ 🐍 trader.py Python 364L · 14.5 KB

Dependencies 1 item

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| simmer-sdk | latest (unpinned) | PyPI | No | Legitimate trading SDK from Simmer Markets; version not pinned in metadata |

Security Positives

✓ Paper trading is the default mode (venue="sim") -- zero financial risk without --live flag
✓ All environment variables (SIMMER_*) are declared in SKILL.md with descriptions
✓ No shell execution, subprocess, or system command invocation
✓ No obfuscation (base64, eval, atob) detected
✓ No sensitive file access (~/.ssh, ~/.aws, .env)
✓ No credential exfiltration or data theft
✓ All trading operations properly gated by regime logic and context checks
✓ Source SDK (simmer-sdk) is from a legitimate PyPI package
✓ No hidden functionality -- code matches documentation