polymarket-nordic-trader Security Report — Trusted | ClawSafe

5 /100

polymarket-nordic-trader

Trades Polymarket prediction markets focused on Scandinavian and Nordic events using local knowledge and CET timezone edge.

A straightforward Polymarket trading skill with clean code, safe paper-trading defaults, explicit --live gate, and no hidden or malicious behavior.

Skill Namepolymarket-nordic-trader

Duration33.0s

Enginepi

✓

Safe to install

Safe to use. Install via clawhub and configure SIMMER_API_KEY. For live trading, pass --live explicitly.

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	trader.py:7 — from simmer_sdk import SimmerClient; calls client.find_markets(), …
Environment	`READ`	`READ`	✓ Aligned	trader.py:39 — os.environ['SIMMER_API_KEY'] and SIMMER_* tunables
Shell	`NONE`	`NONE`	—	trader.py — zero subprocess/os.system calls
Filesystem	`NONE`	`NONE`	—	No file I/O operations in trader.py
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access

6 findings

🔗

Medium External URL 外部 URL

https://www.smhi.se/

SKILL.md:111

🔗

Medium External URL 外部 URL

https://data.riksdagen.se/

SKILL.md:112

🔗

Medium External URL 外部 URL

https://www.scb.se/

SKILL.md:113

🔗

Medium External URL 外部 URL

https://www.svt.se/nyheter/

SKILL.md:114

🔗

Medium External URL 外部 URL

https://www.di.se/

SKILL.md:115

📧

Info Email 邮箱地址

[email protected]

SKILL.md:167

File Tree

3 files · 19.5 KB · 486 lines

Python 1f · 244L Markdown 1f · 169L JSON 1f · 73L

├─ 📋 clawhub.json JSON 73L · 1.2 KB

├─ 📝 SKILL.md Markdown 169L · 8.2 KB

└─ 🐍 trader.py Python 244L · 10.1 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`simmer-sdk`	`latest`	PyPI	No	Published by Simmer Markets ([email protected]); no version pinned in clawhub.json

Security Positives

✓ Paper trading (venue=sim) is the safe default — real trades require explicit --live flag

✓ No subprocess, os.system, or any shell command execution

✓ Single dependency on simmer-sdk from known PyPI publisher (simmer.markets)

✓ All network calls go through simmer-sdk to Polymarket API — no ad-hoc HTTP

✓ No credential exfiltration — SIMMER_API_KEY used only for trading auth

✓ No obfuscation (no base64, no eval, no exec)

✓ No sensitive path access (~/.ssh, ~/.aws, .env files)

✓ No persistence mechanisms (cron is null, autostart is false)

✓ SKILL.md fully documents all behavior and declared capabilities match implementation

✓ Risk parameters are tunable via SIMMER_* env vars — explicit, no hidden overrides

✓ Clean, readable code with no hidden payloads or shadow functionality

Scan Report

File Tree

Dependencies 1 items

Security Positives