Scan Report
5/100
polymarket-ladder-social-posts-trader
Trades distribution-sum violations in social media post-count range markets on Polymarket
Clean trading skill with transparent Polymarket API integration, paper-trading safeguards, and full doc-to-code alignment.
Safe to install
No action required. This skill is safe to use.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | SKILL.md is documentation only; no writes to disk in trader.py |
| Network access | READ | READ | ✓ Consistent | All network activity routed through simmer-sdk SimmerClient; no raw sockets or d… |
| Command execution | NONE | NONE | — | No subprocess, os.system, or shell commands; safe_print uses print() only |
| Environment variables | READ | READ | ✓ Consistent | os.environ used only for SIMMER_* tunables (declared in SKILL.md Table 2 and cla… |
| Skill invocation | NONE | NONE | — | No skill invocation chains |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
Directory structure
3 files · 28.3 KB · 734 lines
Python: 1 file · 520 lines
Markdown: 1 file · 127 lines
JSON: 1 file · 87 lines
├─ clawhub.json (JSON)
├─ SKILL.md (Markdown)
└─ trader.py (Python)
Dependency analysis: 1 item
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| simmer-sdk | * | pip | No | Version not pinned; direct PyPI dependency from SpartanLabsXyz/Simmer Markets |
Security highlights
✓ Paper trading (venue=sim) by default — zero financial risk without --live flag
✓ All environment variables declared in both SKILL.md (Table 2) and clawhub.json tunables
✓ Simmer safeguards: flip-flop detection, slippage checks, max spread/liquidity/volume filters
✓ Threshold gates (YES_THRESHOLD/NO_THRESHOLD) prevent trading at unfavorable prices
✓ No subprocess, os.system, shell commands, or base64/eval
✓ No credential harvesting beyond the declared SIMMER_API_KEY used only for SimmerClient auth
✓ No sensitive path access (~/.ssh, ~/.aws, .env files)
✓ No obfuscation, hidden instructions, or C2 indicators
✓ Dependency: simmer-sdk only (pinned from PyPI), no untrusted third-party packages
✓ apply_skill_config is a documented Simmer runtime method, not a security concern
✓ Full doc-to-code alignment: every os.environ read, client call, and parameter is documented