扫描报告
5 /100
polymarket-24h-price-curve-arb-trader
Trades structural mispricings in crypto price-threshold markets on Polymarket by reconstructing implied probability distribution curves across strike levels.
A legitimate Polymarket arbitrage trading bot using the simmer-sdk client; paper trading by default, no shell/network primitives, no credential exfiltration, and documentation matches implementation.
可以安装
No action needed. The skill is a straightforward trading algorithm with appropriate safety defaults and no security violations.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | trader.py:1 — simmer_sdk.network calls only |
| 环境变量 | READ | READ | ✓ 一致 | trader.py:32-42 — direct os.environ.get() for named vars only |
| 文件系统 | NONE | NONE | — | No file I/O in trader.py |
| 命令执行 | NONE | NONE | — | No subprocess/os.system calls in trader.py |
目录结构
3 文件 · 26.0 KB · 684 行 Python 1f · 475L
Markdown 1f · 122L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | unpinned | pip | 否 | No version constraint in clawhub.json; verify source is https://pypi.org/project/simmer-sdk/ before install |
安全亮点
✓ No shell or subprocess execution — all logic is pure Python
✓ No credential exfiltration — SIMMER_API_KEY is used only for SDK auth
✓ No iteration over os.environ — only named, declared environment variables are read
✓ Paper trading is the default (sim venue); live trading requires explicit --live flag
✓ autostart: false and cron: null — nothing runs automatically
✓ SDK client (simmer-sdk) handles all network I/O; no raw socket/curl usage
✓ No base64, obfuscation, or anti-analysis patterns
✓ Documentation (SKILL.md) accurately describes the implementation
✓ Skill name, author (Diagnostikon), and purpose are consistent across all files