polymarket-signal-sniper
Audited by Socket on Mar 11, 2026
1 alert found:
Anomaly

The Polymarket Signal Sniper skill aligns with its stated purpose of monitoring RSS feeds and trading on signals, and uses standard API-based integrations. However, there are notable risk signals: automated trading with minimal per-signal user confirmation (autonomy_abuse), data flows from user signals to external services (data_exfiltration), and reliance on environment-provided API keys without explicit rotation/least-privilege controls. The installation path relies on simmer-sdk (likely from a registry) but still entails credential handling and automated financial actions which elevate risk. Overall, the footprint is coherent with a high-risk, automated trading helper rather than a benign data-processing tool. Benign compatibility is possible if safeguards are strictly enforced (explicit per-signal confirmations, robust logging, credential management, and user-override controls). Given the presence of multiple risk signals, the assessment leans toward SUSPICIOUS-to-HIGH risk, but not clearly MALICIOUS without evidence of credential harvesting or exfiltration beyond trading endpoints.