扫描报告
5 /100
polymarket-bundle-dota2-props-trader
Trades bundle inconsistencies across correlated Dota 2 match props on Polymarket
A legitimate Polymarket Dota 2 props trading skill with transparent behavior, paper-trading defaults, and no security concerns found.
可以安装
Approve for use. The skill is well-documented, operates safely by default, and requires no additional scrutiny.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem access in trader.py |
| 网络访问 | READ | READ | ✓ 一致 | Uses SimmerClient SDK for Polymarket API calls only |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution found |
| 环境变量 | READ | READ | ✓ 一致 | Reads SIMMER_API_KEY and tuning env vars only |
| 技能调用 | NONE | NONE | — | No skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser access |
| 数据库 | NONE | NONE | — | No database access |
目录结构
3 文件 · 30.0 KB · 748 行 Python 1f · 556L
Markdown 1f · 105L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | pip | 否 | Official Simmer Markets SDK from PyPI; version not pinned but package is well-known |
安全亮点
✓ Paper trading (venue='sim') is the default mode; live trading requires explicit --live flag
✓ Documentation is comprehensive and matches code behavior (SKILL.md matches trader.py)
✓ No shell execution or subprocess usage
✓ No filesystem writes or sensitive path access
✓ Credential access (SIMMER_API_KEY) is necessary and scoped to trading function; not exfiltrated
✓ Autostart is explicitly disabled (autostart: false, cron: null)
✓ Uses well-known PyPI package (simmer-sdk) from SpartanLabsXyz
✓ All trading parameters are declared as tunable in clawhub.json
✓ No obfuscation, base64, or hidden instructions found
✓ No remote script execution or curl|bash patterns
✓ Context safeguards (flip-flop, slippage checks) provide additional safety