Scan Report
5/100
polymarket-geopolitics-trader
Trades Polymarket prediction markets on geopolitical events — wars, ceasefires, sanctions, diplomatic breakthroughs, and regime changes.
A legitimate Polymarket geopolitical trading bot with safe paper-trading defaults, fully declared credentials, no shell access, and no suspicious behavior.
Safe to install
No action needed. The skill is safe to use with the documented SIMMER_API_KEY credential.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem operations in code |
| Network | READ | READ | ✓ Aligned | SDK makes outbound API calls for market data; declared in SKILL.md dependency se… |
| Shell | NONE | NONE | — | No subprocess, no os.system, no shell commands |
| Environment | READ | READ | ✓ Aligned | os.environ for SIMMER_API_KEY and tunables — declared in SKILL.md credentials ta… |
| Skill Invoke | NONE | NONE | — | No skill-invocation logic |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database operations |
File Tree
3 files · 20.0 KB · 483 lines
Python 1f · 298L
Markdown 1f · 117L
JSON 1f · 68L
├─ clawhub.json (JSON)
├─ SKILL.md (Markdown)
└─ trader.py (Python)
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| simmer-sdk | * | pip | No | Version not pinned; from PyPI (SpartanLabsXyz), appears legitimate |
Security Positives
✓ Paper trading (venue=sim) is the safe default; live trades require explicit --live flag
✓ autostart=false and cron=null — nothing runs automatically
✓ Only one credential required (SIMMER_API_KEY), clearly documented in SKILL.md
✓ No shell execution, no subprocess, no os.system calls
✓ No sensitive file/path access (~/.ssh, ~/.aws, .env, etc.)
✓ No credential harvesting or environment variable enumeration
✓ No base64-encoded payloads or code obfuscation
✓ No data exfiltration or C2 communication patterns
✓ No remote script execution (curl|bash, wget|sh)
✓ Code is clean, readable, and matches documentation
✓ Strategy logic is documented with mathematical transparency (conviction, bias multipliers)