Scan Report
5/100
polymarket-twitter-weekend-drift-trader
Exploits systematic weekday/weekend posting rate differences in post-count bin markets
A legitimate Polymarket trading bot that uses a weekend drift trading strategy with well-documented paper-trading safeguards. No malicious behavior detected.
Safe to install
This skill is safe to use. Ensure the SIMMER_API_KEY has paper-trading permissions only and never expose live-capable credentials to automated agents.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access observed |
| Network | READ | READ | ✓ Aligned | SDK abstraction for market data and trading API calls |
| Shell | NONE | NONE | — | No subprocess, os.system, or shell execution |
| Environment | READ | READ | ✓ Aligned | Reads SIMMER_* env vars - all declared in SKILL.md |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No direct database access |
2 findings
| Severity | Type | Value | Location |
|---|---|---|---|
| Medium | External URL | https://simmer.markets/skills | SKILL.md:10 |
| Info | Email | [email protected] | SKILL.md:123 |

File Tree
3 files · 17.8 KB · 498 lines
Python 1f · 290L
Markdown 1f · 125L
JSON 1f · 83L
├─ clawhub.json (JSON)
├─ SKILL.md (Markdown)
└─ trader.py (Python)
Dependencies: 1 item
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| simmer-sdk | * | pip | No | Published by Simmer Markets on PyPI; version not pinned but from trusted publisher |
Security Positives
✓ Paper trading mode is default - no financial risk without explicit --live flag
✓ All environment variables are documented in SKILL.md
✓ Risk parameters (max position, thresholds, etc.) are clearly declared
✓ Uses official simmer-sdk from PyPI with verifiable publisher
✓ No shell execution, subprocess, or system command calls
✓ No credential harvesting beyond the required SIMMER_API_KEY
✓ No filesystem operations or sensitive file access
✓ No obfuscation or encoded payloads
✓ SDK provides abstraction layer for all API interactions
✓ Source code is clean, readable Python with no suspicious patterns