Scan Report
0 /100
kalshi-crypto-volatility-skew-trader
Bitcoin price bin trading strategy using volatility skew detection on Kalshi markets
Legitimate crypto trading skill that compares BTC market-implied volatility to historical vol to identify mispriced Kalshi bin markets. All functionality is documented, defaults to safe dry-run mode, and uses only the declared simmer-sdk dependency.
Safe to install
Safe to use. Ensure SIMMER_API_KEY is kept confidential. Review simmer-sdk source code before providing live trading credentials.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | trader.py:36 - load_config() reads config files |
| Filesystem | WRITE | WRITE | ✓ Aligned | trader.py:36 - update_config() writes config files |
| Network | READ | READ | ✓ Aligned | trader.py:217 - _request() to /api/sdk/markets |
| Environment | READ | READ | ✓ Aligned | trader.py:69 - os.environ.get() for API keys |
| Shell | NONE | NONE | — | No subprocess usage found |
2 findings
Medium External URL 外部 URL
https://simmer.markets/skills SKILL.md:10 Info Email 邮箱地址
[email protected] SKILL.md:117 File Tree
3 files · 32.5 KB · 913 lines Python 1f · 709L
Markdown 1f · 119L
JSON 1f · 85L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | * | PyPI | No | Published by Simmer Markets, github: SpartanLabsXyz/simmer-sdk |
Security Positives
✓ Default mode is dry-run - no real trades execute without --live flag
✓ Cron automation is explicitly disabled (autostart: false, cron: null)
✓ Only one external dependency: simmer-sdk from PyPI (verifiable source)
✓ All sensitive operations require explicit --live flag
✓ Config system allows safe parameter adjustment without code changes
✓ Trade journal integration is optional and fails gracefully
✓ Clear safeguards: slippage checks, liquidity checks, time-to-resolution checks
✓ No credential exfiltration - API keys only used for authentication
✓ Reputation tagging (TRADE_SOURCE, SKILL_SLUG) provides audit trail