Scan Report
5 /100
polymarket-24h-sports-line-curve-trader
Trades structural mispricings in sports O/U markets on Polymarket by detecting monotonicity violations in implied probability curves
A legitimate Polymarket sports arbitrage trading bot with clean code, no undeclared capabilities, and proper risk controls (paper trading by default).
Safe to install
This skill is safe to use. Ensure SIMMER_API_KEY is stored securely and version-pin simmer-sdk in production.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned dependency version Supply Chain | clawhub.json:6 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file I/O detected |
| Network | READ | READ | ✓ Aligned | SimmerClient API calls only |
| Shell | NONE | NONE | — | No subprocess/os.system calls |
| Environment | READ | READ | ✓ Aligned | Reads SIMMER_* vars only (declared in SKILL.md) |
| Skill Invoke | NONE | NONE | — | No skill chaining |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
File Tree
3 files · 25.4 KB · 682 lines Python 1f · 471L
Markdown 1f · 124L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | * | pip | No | Version not pinned |
Security Positives
✓ Paper trading is the default mode (--live flag required for real trades)
✓ All environment variables declared and documented in SKILL.md
✓ No subprocess, eval, or shell execution
✓ No obfuscation or base64-encoded code
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No credential exfiltration or data theft patterns
✓ All risk parameters exposed as documented tunables
✓ Clean code with no hidden functionality