Security audit
Candle Doji Breakout Trader
Security checks across malware telemetry and agentic risk
Overview
This is a clearly disclosed Polymarket trading bot that defaults to paper trading and only uses real funds when explicitly run in live mode.
Use paper mode first, review the strategy and position limits, and only run with --live using a SIMMER_API_KEY whose trading permissions and funded balance you are comfortable risking. Consider reviewing or pinning the simmer-sdk dependency before using live trading.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.