Scan Report
0 /100
polymarket-crypto-onchain-trader
Trades Polymarket prediction markets on Bitcoin, Ethereum, Solana price milestones, ETF inflows, halving events, and DeFi protocol milestones using three stacked structural edges.
A legitimate Polymarket paper-trading skill built on the official simmer-sdk, with no shell access, no credential exfiltration, and all capabilities fully declared in documentation.
Safe to install
No action needed. The skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file reads or writes in trader.py |
| Network | READ | READ | ✓ Aligned | All network I/O via simmer-sdk SimmerClient (PyPI), documented in SKILL.md |
| Shell | NONE | NONE | — | No subprocess, os.system, or shell command execution in trader.py |
| Environment | READ | READ | ✓ Aligned | os.environ used only for SIMMER_API_KEY and SIMMER_* tunables — no iteration ove… |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation detected |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
File Tree
3 files · 25.0 KB · 560 lines Python 1f · 362L
Markdown 1f · 130L
JSON 1f · 68L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | * | pip | No | Official PyPI package from SpartanLabsXyz, declared in clawhub.json |
Security Positives
✓ Safe by default: paper trading (venue='sim') with no --live flag, zero financial risk
✓ autostart=false and cron=null — no automated execution without explicit user configuration
✓ No shell execution: pure Python logic with no subprocess, os.system, or popen calls
✓ No sensitive path access: no reads of ~/.ssh, ~/.aws, .env, or similar credential paths
✓ No credential exfiltration: SIMMER_API_KEY used only to authenticate the simmer-sdk client, never exfiltrated
✓ No obfuscation: all code is plain Python, no base64, eval, or dynamic code generation
✓ No external I/O beyond the simmer-sdk: strategy logic is entirely local
✓ SKILL.md accurately documents all behavior, tunables, and the SIMMER_API_KEY requirement
✓ External dependency (simmer-sdk) pinned to known PyPI package with clear provenance