扫描报告
0 /100
polymarket-candle-marubozu-trader
Trades marubozu continuation signals on Polymarket 5-minute crypto interval markets
Clean Polymarket marubozu continuation trading bot with paper-trading default, no shell execution, no sensitive path access, and no hidden functionality.
可以安装
This skill is safe to use. It operates through the simmer-sdk, defaults to paper trading, and only accesses declared environment variables for trading configuration.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file I/O operations in code |
| 网络访问 | READ | READ | ✓ 一致 | Uses simmer-sdk for API calls to Polymarket (trader.py:58-63) |
| 命令执行 | NONE | NONE | — | No subprocess, os.system, or shell execution found |
| 环境变量 | READ | READ | ✓ 一致 | Only reads SIMMER_API_KEY and SIMMER_* tunables (trader.py:28-38,61) |
| 技能调用 | NONE | NONE | — | No inter-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
目录结构
3 文件 · 21.7 KB · 531 行 Python 1f · 352L
Markdown 1f · 92L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | pip | 否 | Legitimate SDK from SpartanLabsXyz; version not pinned in requirements |
安全亮点
✓ Paper trading (venue='sim') is the safe default; live trades require explicit --live flag
✓ No subprocess, shell execution, or command injection vectors
✓ Only accesses declared SIMMER_* environment variables (no enumeration of os.environ)
✓ No filesystem writes or sensitive path access (~/.ssh, ~/.aws, .env)
✓ No base64, obfuscation, or anti-analysis techniques
✓ Uses legitimate simmer-sdk from SpartanLabsXyz for all market operations
✓ Clear documentation of trading parameters and risk safeguards in SKILL.md
✓ Autostart and cron are disabled by default (automaton managed=false)
✓ No data exfiltration or credential theft patterns detected