扫描报告
5 /100
polymarket-48h-geopolitics-cluster-trader
Trades logical inconsistencies in geopolitical event clusters on Polymarket using consistency arbitrage
A legitimate Polymarket geopolitical cluster arbitrage trading skill with clean code, declared credentials, and safe-by-default paper trading mode.
可以安装
No action required. The skill is safe to use. Ensure SIMMER_API_KEY is treated as a high-value credential as documented.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | trader.py: No file open/write operations detected |
| 网络访问 | READ | READ | ✓ 一致 | trader.py:23 - uses simmer-sdk for Polymarket API calls only |
| 命令执行 | NONE | NONE | — | trader.py: No subprocess/os.system/eval/exec detected |
| 环境变量 | READ | READ | ✓ 一致 | trader.py:34-42 - reads only declared SIMMER_* tuning parameters |
| 技能调用 | NONE | NONE | — | No skill invocation patterns detected |
| 剪贴板 | NONE | NONE | — | No clipboard access detected |
| 浏览器 | NONE | NONE | — | No browser automation detected |
| 数据库 | NONE | NONE | — | No database access detected |
目录结构
3 文件 · 30.9 KB · 800 行 Python 1f · 594L
Markdown 1f · 119L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | pip | 否 | External SDK - PyPI package, not pinned. Network calls occur within SDK implementation. |
安全亮点
✓ Safe-by-default design: paper trading (venue='sim') is the default mode; --live flag required for real trades
✓ No shell execution: zero subprocess, os.system, eval, or exec calls
✓ No file system writes: only reads declared environment variables
✓ No obfuscation: clean, readable code with no base64, encoded strings, or anti-analysis patterns
✓ Clear documentation: all credentials and tuning parameters documented in SKILL.md and clawhub.json
✓ Minimal dependency surface: only uses standard library + simmer-sdk from PyPI
✓ No credential harvesting: does not iterate os.environ or access ~/.ssh, ~/.aws, .env
✓ No data exfiltration: no outbound connections to arbitrary IPs, all network via official simmer-sdk
✓ Autostart disabled: 'autostart: false' prevents automatic execution
✓ No cron/scheduled tasks: 'cron: null' means no persistence mechanism