扫描报告
5 /100
polymarket-candle-cross-asset-divergence-trader
Detects cross-asset divergence in Polymarket crypto 5-minute interval markets and trades convergence
A legitimate Polymarket crypto trading skill with no malicious behavior, safe paper-trading defaults, and clean well-documented code.
可以安装
Approve for use. Consider pinning the simmer-sdk version for improved supply chain hygiene.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Unpinned simmer-sdk dependency 供应链 | clawhub.json:3 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem access in code |
| 网络访问 | READ | READ | ✓ 一致 | SDK API calls only through SimmerClient |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution |
| 环境变量 | READ | READ | ✓ 一致 | Only declared tunables: SIMMER_API_KEY, SIMMER_MAX_POSITION, etc. |
| 技能调用 | NONE | NONE | — | No skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser access |
| 数据库 | NONE | NONE | — | No database access |
目录结构
3 文件 · 22.4 KB · 559 行 Python 1f · 377L
Markdown 1f · 95L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | pip | 否 | Version not pinned - minor supply chain risk |
安全亮点
✓ Safe default behavior: paper trading (sim mode) unless --live flag explicitly provided
✓ Clean code with no subprocess, shell execution, or file operations
✓ No credential exfiltration or sensitive data transmission outside SDK
✓ Well-documented strategy with clear explanation of trading logic
✓ No obfuscation, base64 encoding, or anti-analysis patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ All environment variable access is declared and documented
✓ Doc-to-code alignment: SKILL.md accurately describes actual behavior