Scan Report
5 /100
polymarket-24h-weather-distribution-trader
Trades mispricings in weather temperature-bin markets by detecting sum violations and monotonicity breaks in probability distributions
A legitimate Polymarket trading bot that detects probability distribution violations in weather temperature markets. Clean implementation with no malicious behavior detected.
Safe to install
This skill is safe to use. Ensure SIMMER_API_KEY is stored securely and review position limits before enabling live trading.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file read/write operations in trader.py |
| Network | READ | READ | ✓ Aligned | Uses simmer-sdk for Polymarket API calls only |
| Shell | NONE | NONE | — | No subprocess, os.system, or shell commands found |
| Environment | READ | READ | ✓ Aligned | trader.py:85-93 only reads SIMMER_* env vars |
| Skill Invoke | NONE | NONE | — | No skill invocation logic present |
| Clipboard | NONE | NONE | — | No clipboard access in code |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database operations |
File Tree
3 files · 28.5 KB · 729 lines Python 1f · 522L
Markdown 1f · 120L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | * | pip | No | Official Simmer Markets SDK; version not pinned |
Security Positives
✓ Safe defaults: paper trading mode enabled by default (venue='sim')
✓ Explicit --live flag required for real trades with real USDC
✓ Single dependency on official simmer-sdk from PyPI
✓ No subprocess, shell commands, or raw network calls
✓ No credential harvesting beyond required SIMMER_API_KEY
✓ No sensitive path access (~/.ssh, ~/.aws, .env files)
✓ No obfuscation, base64 payloads, or encoded commands
✓ No persistence mechanisms (cron, startup hooks, backdoors)
✓ Clean, readable code with clear documentation
✓ All behavior declared in SKILL.md matches implementation