Scan Report
5/100
polymarket-maker
Continuous Static Market Making execution skill for Polymarket. Sells BOTH sides of 5-minute binary markets at $0.52.
Legitimate Polymarket trading bot using standard crypto libraries with no hidden functionality or credential exfiltration.
Safe to install
No action required. This is a standard DeFi trading implementation.
Security findings: 1
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned dependency versions (supply chain) | package.json:6 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | NONE | NONE | — | No file operations in code |
| Network access | READ | READ | ✓ Consistent | api.binance.com, clob.polymarket.com, gamma-api.polymarket.com |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md declares nohup/node execution |
| Environment variables | READ | READ | ✓ Consistent | WALLET_PRIVATE_KEY accessed via process.env |
| Skill invocation | NONE | NONE | — | No skill invocation |
4 findings
| Severity | Finding | URL | Location |
|---|---|---|---|
| Medium | External URL | https://api.binance.com/api/v3/ticker/price?symbol=$ | index.mjs:56 |
| Medium | External URL | https://clob.polymarket.com/book?token_id=$ | index.mjs:65 |
| Medium | External URL | https://gamma-api.polymarket.com/markets?slug=$ | index.mjs:80 |
| Medium | External URL | https://clob.polymarket.com | index.mjs:98 |

Directory structure
3 files · 9.6 KB · 273 lines
JavaScript: 1 file · 238 lines
Markdown: 1 file · 25 lines
JSON: 1 file · 10 lines
├─ index.mjs (JavaScript)
├─ package.json (JSON)
└─ SKILL.md (Markdown)
Dependency analysis: 3 items
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| @polymarket/clob-client | ^5.8.0 | npm | No | Version range not pinned |
| dotenv | ^17.3.1 | npm | No | Version range not pinned |
| ethers | ^6.16.0 | npm | No | Version range not pinned |
Security highlights
✓ Code is readable with no obfuscation or base64 encoding
✓ No eval() or Function() usage
✓ No credential exfiltration - WALLET_PRIVATE_KEY used only for local transaction signing via ethers.js
✓ Network requests limited to legitimate Polymarket and Binance APIs
✓ No hidden functionality - implementation matches SKILL.md documentation
✓ Standard DeFi trading patterns using well-known libraries (ethers.js, @polymarket/clob-client)
✓ Built-in stop-loss mechanism demonstrates protective intent