polymarket-emerging-tech-trader 安全扫描报告 — 可信 | ClawSafe

5 /100

polymarket-emerging-tech-trader

Trades Polymarket prediction markets on Web3/DeFi, metaverse, robotics, quantum computing, and synthetic biology markets

A legitimate Polymarket paper-trading skill with well-documented safe-by-default behavior, no hidden functionality, and no suspicious security signals.

技能名称polymarket-emerging-tech-trader

分析耗时25.4s

引擎pi

✓

可以安装

Safe to use. The skill defaults to paper trading and requires an explicit --live flag for real trades. No action required.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	trader.py - No file read/write operations
网络访问	`NONE`	`NONE`	—	trader.py - All network calls go through SimmerClient from simmer-sdk
命令执行	`NONE`	`NONE`	—	trader.py - No subprocess, os.system, or shell execution
环境变量	`READ`	`READ`	✓ 一致	trader.py:27-35 - Reads SIMMER_* env vars; SIMMER_API_KEY for auth
技能调用	`NONE`	`NONE`	—	trader.py - No recursive skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No direct database access

5 项发现

🔗

中危外部 URL 外部 URL

https://defillama.com/

SKILL.md:115

🔗

中危外部 URL 外部 URL

https://quantum.ibm.com/

SKILL.md:117

🔗

中危外部 URL 外部 URL

https://gfi.org/

SKILL.md:118

🔗

中危外部 URL 外部 URL

https://www.coinglass.com/nft

SKILL.md:119

📧

提示邮箱邮箱地址

[email protected]

SKILL.md:171

目录结构

3 文件 · 19.2 KB · 485 行

Python 1f · 239L Markdown 1f · 173L JSON 1f · 73L

├─ 📋 clawhub.json JSON 73L · 1.2 KB

├─ 📝 SKILL.md Markdown 173L · 7.7 KB

└─ 🐍 trader.py Python 239L · 10.3 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`simmer-sdk`	`latest (PyPI)`	pip	否	Official SDK from Simmer Markets; not version-pinned in clawhub.json

安全亮点

✓ Paper trading is the safe default (venue='sim'), explicitly documented in SKILL.md and trader.py

✓ Live trading requires explicit --live flag — cannot be triggered silently by automation

✓ No subprocess, os.system, or any shell execution — all logic is pure Python

✓ No filesystem read/write operations — no file manipulation of any kind

✓ No direct network requests — all API calls go through the official SimmerClient SDK

✓ No sensitive path access (~/.ssh, ~/.aws, .env beyond declared SIMMER_API_KEY)

✓ No obfuscation (no base64, no eval, no exec, no encoded payloads)

✓ Cron is explicitly set to null and autostart is false — automaton does not auto-run

✓ clear documentation of all tunable risk parameters

✓ API key is only used for authentication to the Simmer platform — not exfiltrated