polymarket-mert-sniper

Warn

Audited by Socket on Feb 19, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Backtick command substitution detected

Functionally consistent with its stated purpose (Polymarket expiry-sniping) and uses expected inputs (Simmer API key, wallet private key). The main security concern is the requirement that users supply their raw WALLET_PRIVATE_KEY as an environment variable or saved config; this is proportionate to automated trading but increases risk if the SDK or runtime is compromised or if secrets are stored insecurely. No explicit signs of malware or exfiltration in the provided text, but final trust depends on auditing the simmer-sdk and the Python scripts (mert_sniper.py) to confirm the private key is never transmitted off-device and safeguards are implemented correctly. Recommend: do not store raw private keys in long-lived files or shared CI; prefer ephemeral signing/hardware wallet, or audit the SDK before use.

LLM verification: The skill's stated purpose (near-expiry conviction trading on Polymarket) matches its capabilities. However, there are notable supply-chain and operational risks: it asks users to store a raw wallet private key in an environment variable and does not clearly state whether trades or signed payloads are proxied through the Simmer API. Those two factors create a meaningful credential-exposure and interception risk. I find no direct malware or obfuscated code in the provided documentation fragment,

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At
Feb 19, 2026, 12:38 PM
Package URL
pkg:socket/skills-sh/openclaw%2Fskills%2Fpolymarket-mert-sniper%2F@38aa9c9b1362570723e7d51a4e656af0ef0b5b15