Scan Report
5 /100
polymarket-legal-regulatory-trader
Trades Polymarket legal and regulatory prediction markets using conviction-based sizing with documented legal base rates
Legitimate Polymarket trading bot using the Simmer SDK with clear safety defaults (paper trading), no shell execution, no sensitive file access, and no obfuscation.
Safe to install
No action needed. The skill is a standard prediction market trading bot with documented behavior matching implementation.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file read/write operations found |
| Network | NONE | NONE | — | Uses SimmerClient SDK for API calls only |
| Shell | NONE | NONE | — | No subprocess or shell execution |
| Environment | READ | READ | ✓ Aligned | trader.py:49-57 - reads SIMMER_* vars and SIMMER_API_KEY only |
| Skill Invoke | NONE | NONE | — | No skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No database access |
File Tree
3 files · 18.0 KB · 439 lines Python 1f · 271L
Markdown 1f · 100L
JSON 1f · 68L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | * | pypi | No | Version not pinned; known publisher (SpartanLabsXyz) |
Security Positives
✓ No shell execution or subprocess calls
✓ No sensitive file access (~/.ssh, ~/.aws, .env)
✓ No base64 encoding or code obfuscation
✓ Clear safety documentation: paper trading is the default mode
✓ Explicit --live flag required for real trades
✓ Straightforward, readable code with clear comments
✓ Uses standard environment variable pattern for configuration
✓ No data exfiltration or C2 communication
✓ No hidden functionality or doc-to-code mismatch