扫描报告
5 /100
polymarket-onlyfans-trader
Trades Polymarket markets on OnlyFans — celebrity join events, platform bans/restrictions, and creator earnings — using three structural mispricings. Paper-trading safe by default.
A legitimate Polymarket prediction-market trading skill built on the official simmer-sdk; no malicious behavior, obfuscation, credential theft, or undeclared capabilities detected.
可以安装
No immediate action needed. Verify the simmer-sdk package authenticity (import only from pypi.org) before production use. Ensure SIMMER_API_KEY is stored securely (e.g., vault or secrets manager) and never committed to version control.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | trader.py: reads no external files beyond its own source |
| 网络访问 | READ | READ | ✓ 一致 | trader.py: uses SimmerClient which communicates with Polymarket API — declared i… |
| 命令执行 | NONE | NONE | — | No subprocess, os.system, or shell execution found |
| 环境变量 | READ | READ | ✓ 一致 | trader.py: reads SIMMER_API_KEY and 7 SIMMER_* tunables from os.environ — all de… |
| 技能调用 | NONE | NONE | — | No inter-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
目录结构
3 文件 · 32.8 KB · 778 行 Python 1f · 527L
Markdown 1f · 172L
JSON 1f · 79L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | latest (unpinned in source) | pypi | 否 | No version pin in source; clawhub.json declares pip requirement without version specifier. Recommend pinning to a specific version for reproducibility. |
安全亮点
✓ No shell execution, subprocess, os.system, or any form of arbitrary command invocation
✓ No base64-encoded strings, eval(), exec(), or dynamic code generation
✓ No obfuscation techniques (obfuscated strings, dead code, steganography)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, credentials store)
✓ No environment variable enumeration (no os.environ iteration for secrets)
✓ No outbound data exfiltration, C2 communication, or external IP contacts beyond Polymarket API
✓ No suspicious downloads or remote script execution (curl|bash, wget|sh)
✓ No hidden functionality: all logic (market classification, bias multipliers, signal computation) is straightforward and matches documentation
✓ Safe default behavior: paper trading (venue='sim') without --live flag, confirmed in SKILL.md and implemented in trader.py:285
✓ Explicit autostart:false and cron:null in clawhub.json — no automatic execution
✓ Only one external dependency: simmer-sdk from PyPI, with declared pip requirement in clawhub.json
✓ All tunable parameters (8 risk parameters) are declared in both SKILL.md and clawhub.json
✓ No typosquatting risk: dependency name is specific ('simmer-sdk') and version is implicitly pinned by PyPI resolution