扫描报告
5 /100
kalshi-crypto-correlation-trader
Exploits BTC/ETH correlation (beta=1.3) to trade ETH price-level markets when BTC makes a significant move
A legitimate crypto correlation trading skill that uses the simmer-sdk to trade BTC/ETH price-level markets via Kalshi/DFlow. No malicious behavior detected - all capabilities are declared and the codebase is clean.
可以安装
This skill is safe to use. Ensure SIMMER_API_KEY and SOLANA_PRIVATE_KEY are kept confidential and only use --live flag when you intend to execute real trades.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file operations beyond config loading via SDK |
| 网络访问 | READ | READ | ✓ 一致 | API calls only to simmer.markets APIs via simmer-sdk |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution found |
| 环境变量 | READ | READ | ✓ 一致 | Reads only SIMMER_API_KEY and SOLANA_PRIVATE_KEY as declared |
| 技能调用 | NONE | NONE | — | Uses skill framework but no cross-skill attacks |
| 剪贴板 | NONE | NONE | — | Not accessed |
| 浏览器 | NONE | NONE | — | Not used |
| 数据库 | NONE | NONE | — | Not accessed |
2 项发现
中危 外部 URL 外部 URL
https://simmer.markets/skills SKILL.md:10 提示 邮箱 邮箱地址
[email protected] SKILL.md:110 目录结构
3 文件 · 29.5 KB · 846 行 Python 1f · 649L
Markdown 1f · 112L
JSON 1f · 85L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | pypi | 否 | External dependency - recommend pinning to specific version in production |
安全亮点
✓ No shell execution or subprocess usage
✓ No credential harvesting beyond required API keys
✓ No base64 encoded payloads or obfuscated code
✓ No external network calls except to declared simmer.markets API
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Dry-run mode defaults on - real trades require explicit --live flag
✓ Cron set to null and autostart disabled - no automatic execution
✓ Clear documentation with all required permissions declared
✓ Uses typed configuration with schema validation
✓ Implements safeguards for slippage, liquidity, and market resolution