polymarket-simmer-fastloop
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The script polymarket-simmer-fastloop.py contains a hardcoded authentication token (cm_568c67eae410d912c54c) within the URLs used to query the NOFX market data API (lines 789-790).
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the simmer-sdk Python package from an external registry as specified in clawhub.json and the setup instructions.
- [DATA_EXFILTRATION]: The script performs network requests to various non-whitelisted external APIs including clob.polymarket.com, api.binance.com, gamma-api.polymarket.com, and nofxos.ai to retrieve market information.
Recommendations
- AI detected serious security threats
Audit Metadata