扫描报告
5 /100
polymarket-cybersecurity-trader
Trades Polymarket prediction markets on major cyberattacks, ransomware incidents, data breaches, zero-day exploits, and national cybersecurity legislation.
A legitimate Polymarket trading skill that reads environment variables for config, makes API calls via the simmer-sdk, and contains no shell execution, obfuscation, credential theft, or hidden functionality.
可以安装
No action needed. The skill is safe to use with paper trading default.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | trader.py:1-405 — no file I/O operations |
| 网络访问 | READ | READ | ✓ 一致 | trader.py:58-64 — SimmerClient API calls only |
| 命令执行 | NONE | NONE | — | trader.py:1-405 — no subprocess/os.system/os.popen calls |
| 环境变量 | READ | READ | ✓ 一致 | trader.py:24-30 — reads SIMMER_* env vars for config only |
| 技能调用 | NONE | NONE | — | No inter-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
目录结构
3 文件 · 31.1 KB · 617 行 Python 1f · 405L
Markdown 1f · 139L
JSON 1f · 73L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | PyPI | 否 | Version not pinned — minor supply chain noise only |
安全亮点
✓ Safe-by-default paper trading (venue=sim) with no auto-start
✓ Live trades require explicit --live flag — prevents accidental real trading
✓ No shell execution, subprocess, or system command calls
✓ No credential harvesting beyond SIMMER_API_KEY (required for trading API)
✓ No sensitive file/path access (~/.ssh, ~/.aws, .env)
✓ No obfuscation (base64, eval, atob) or anti-analysis techniques
✓ No hidden functionality — code behavior matches SKILL.md documentation
✓ No data exfiltration or C2 communication
✓ No cron/scheduled task persistence hooks
✓ Explicit API key requirement is documented and necessary for the trading function