Scan Report
0 /100
polymarket-ladder-chess-tournament-trader
Trades distribution-sum violations in chess tournament winner markets on Polymarket using the simmer-sdk library
A legitimate chess tournament distribution-sum arbitrage trader using the simmer-sdk library. All capabilities match the documented behavior with safe paper-trading defaults.
Safe to install
No action needed. The skill is safe to use as documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | trader.py: no file reads or writes |
| Network | NONE | READ | ✓ Aligned | trader.py: all network calls are SDK API calls through simmer-sdk (SimmerClient)… |
| Shell | NONE | NONE | — | trader.py: no subprocess, no os.system, no shell invocation |
| Environment | READ | READ | ✓ Aligned | trader.py:17-18 reads 9 SIMMER_* env vars for config; SIMMER_API_KEY required; a… |
| Skill Invoke | NONE | NONE | — | No skill invocation detected |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
File Tree
3 files · 21.5 KB · 540 lines Python 1f · 332L
Markdown 1f · 121L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | * | pip | No | Version not pinned; PyPI-only source |
Security Positives
✓ Paper trading (venue="sim") is the safe default; live trades require explicit --live flag
✓ All risk parameters are environment-variable tunable with documented defaults
✓ No shell execution (subprocess, os.system) — code is pure Python logic
✓ No sensitive file or path access (no ~/.ssh, ~/.aws, .env reads)
✓ No obfuscation (no base64, no eval, no atob patterns)
✓ No credential exfiltration — SIMMER_API_KEY is only consumed by the SDK for trading
✓ No remote script download (no curl|bash, wget|sh, pip install from untrusted sources)
✓ Autostart is false and cron is null — no unattended execution by default
✓ All network behavior is through the well-documented simmer-sdk library
✓ clawhub.json properly declares automaton entrypoint and required env vars