Scan Report
5/100
polymarket-ladder-nhl-hockey-trader
Trades monotonicity violations in NHL hockey O/U market ladders and spread-vs-total consistency on Polymarket
A legitimate Polymarket NHL hockey ladder trading bot with comprehensive documentation, safe paper-trading defaults, and no malicious behavior observed.
Safe to install
This skill is safe to use. The skill defaults to paper trading mode and only executes real trades with explicit --live flag. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | trader.py: No file read/write operations |
| Network | READ | READ | ✓ Aligned | trader.py: Uses SimmerClient API for market discovery and trading |
| Shell | NONE | NONE | — | trader.py: No subprocess, os.system, or shell execution |
| Environment | READ | READ | ✓ Aligned | trader.py:31-39 - Only reads documented SIMMER_* parameters |
| Skill Invoke | NONE | NONE | — | trader.py: No skill-to-skill invocation |
| Clipboard | NONE | NONE | — | trader.py: No clipboard access |
| Browser | NONE | NONE | — | trader.py: No browser automation |
| Database | NONE | NONE | — | trader.py: No database operations |
File Tree
3 files · 31.7 KB · 829 lines
Python 1f · 601L
Markdown 1f · 141L
JSON 1f · 87L
├─ clawhub.json (JSON)
├─ SKILL.md (Markdown)
└─ trader.py (Python)
Dependencies: 1 item
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| simmer-sdk | * | pip | No | Version not pinned; SDK from Simmer Markets (SpartanLabsXyz) |
Security Positives
✓ Comprehensive SKILL.md documentation with clear strategy explanation
✓ Safe by default: paper trading (sim) mode is the default; real trades require explicit --live flag
✓ No shell execution, subprocess, or os.system calls
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env, or similar paths)
✓ Uses well-documented simmer-sdk from Simmer Markets (SpartanLabsXyz)
✓ Only reads documented environment variables for configuration
✓ No obfuscation techniques (no base64, no eval, no obfuscated strings)
✓ No curl|bash or wget|sh remote script execution patterns
✓ Autostart is disabled by default (autostart: false)
✓ Cron is null - no automated execution without user configuration
✓ Trade safeguards include flip-flop detection and slippage checks
✓ Max position size, min trade, and other risk parameters are tunable