Scan Report
0 /100
polymarket-supply-chain-trader
Trades Polymarket prediction markets for supply chain disruptions, shipping delays, and commodity prices
A legitimate Polymarket trading integration with safe defaults (paper trading by default), no shell execution, no credential exfiltration, and fully documented behavior matching implementation.
Safe to install
This skill is safe to use. Ensure SIMMER_API_KEY is kept private and do not pass --live flag in untrusted environments.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | trader.py:77 - SimmerClient connects to Polymarket API |
| Environment | READ | READ | ✓ Aligned | trader.py:25-31 - Reads SIMMER_* config vars |
| Filesystem | NONE | NONE | — | No file operations in codebase |
| Shell | NONE | NONE | — | No subprocess or shell execution calls |
1 findings
Info Email 邮箱地址
[email protected] SKILL.md:146 File Tree
3 files · 19.0 KB · 480 lines Python 1f · 259L
Markdown 1f · 148L
JSON 1f · 73L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | * | pypi | No | SDK for Polymarket trading API |
Security Positives
✓ Safe defaults: paper trading (venue='sim') without --live flag
✓ No shell execution - uses only SimmerClient SDK
✓ No credential exfiltration - API key used only for trading API
✓ Full documentation matches implementation (doc-to-code aligned)
✓ No obfuscation - clean, readable Python code
✓ No hidden functionality or shadow features
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No remote code execution (no curl|bash, wget|sh)
✓ Cron disabled by default (autostart: false)
✓ Simple, focused implementation with clear trading logic