Scan Report
5 /100
polymarket-macro-weather-commodity-trader
Trades Polymarket commodity markets based on extreme weather stress signals. Paper by default, live trades only with --live flag.
A legitimate Polymarket weather-commodity trading strategy using the simmer-sdk, with no malicious behavior, clear documentation, and appropriate credential handling.
Safe to install
This skill is safe to use. Ensure SIMMER_API_KEY is stored securely and --live flag is not enabled without reviewing trade parameters.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | trader.py imports only stdlib + simmer-sdk; no file write operations |
| Network | READ | READ | ✓ Aligned | All network I/O goes through SimmerClient SDK → Polymarket API; no raw socket/HT… |
| Shell | NONE | NONE | — | No subprocess, no os.system, no shell execution in code |
| Environment | READ | READ | ✓ Aligned | Reads only SIMMER_* prefixed env vars; API key used only for SDK auth |
| Skill Invoke | NONE | NONE | — | No inter-skill invocation observed |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
File Tree
3 files · 25.8 KB · 704 lines Python 1f · 466L
Markdown 1f · 129L
JSON 1f · 109L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
simmer-sdk | * | PyPI (simmer-sdk/SpartanLabsXyz) | No | Version not pinned — use explicit version for reproducibility |
Security Positives
✓ All trade execution gated behind explicit --live flag; defaults to paper/sim mode
✓ Comprehensive context guards (flip-flop, slippage, spread, days-to-resolution checks)
✓ No subprocess, shell execution, or raw HTTP calls — all API traffic via official simmer-sdk
✓ SIMMER_API_KEY used only for authenticated Polymarket API calls, never exfiltrated
✓ SKILL.md accurately describes all behavior: market discovery, signal computation, trade execution
✓ All risk parameters exposed as declared tunables with sensible defaults
✓ No obfuscation, no base64, no dynamic code generation
✓ No credential harvesting beyond the one declared API key
✓ No filesystem writes — read-only analysis of market data
✓ Safe by design: max position $40, min trade $5, max 6 concurrent positions