中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 10/100
上次扫描:1 天前 重新扫描
10 /100
polymarket-sports-live-trader
Trades Polymarket prediction markets on sports championships, tournament outcomes, MVP awards, transfer windows, and season milestones.
A straightforward Polymarket sports trading script with clear documentation, paper-trading defaults, and no hidden or malicious behavior detected.
技能名称polymarket-sports-live-trader
分析耗时26.8s
引擎pi
可以安装
This skill is safe to use. Ensure SIMMER_API_KEY is treated as a high-value credential and never expose --live mode to untrusted environments.
资源类型声明权限推断权限状态证据
文件系统 NONE NONE No file reads/writes in trader.py
网络访问 NONE READ ✓ 一致 All network via simmer-sdk; ESPN API only in docs as optional remix idea
命令执行 NONE NONE No subprocess, os.system, or shell execution in trader.py
环境变量 READ READ ✓ 一致 Reads SIMMER_API_KEY and SIMMER_* tunables (lines 37-44)
技能调用 NONE NONE No skill invocation chains
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser automation
数据库 NONE NONE No database access
1 项发现
🔗
中危 外部 URL 外部 URL
https://site.api.espn.com/apis/site/v2/sports/
SKILL.md:63

目录结构

3 文件 · 17.4 KB · 440 行
Python 1f · 269L Markdown 1f · 103L JSON 1f · 68L
├─ 📋 clawhub.json JSON 68L · 1.1 KB
├─ 📝 SKILL.md Markdown 103L · 4.7 KB
└─ 🐍 trader.py Python 269L · 11.6 KB

依赖分析 1 项

包名版本来源已知漏洞备注
simmer-sdk * pip Version not pinned; known vendor (SpartanLabsXyz/Simmer Markets)

安全亮点

✓ Paper trading is the safe default — real trades require explicit --live flag
✓ Autostart=false and cron=null prevent unattended execution
✓ All risk parameters are exposed as declared tunables in clawhub.json
✓ No subprocess, shell, or eval/exec usage anywhere in the codebase
✓ No sensitive file paths (~/.ssh, ~/.aws, .env) are accessed
✓ SKILL.md and trader.py are fully aligned — no hidden functionality
✓ No obfuscation, no base64 payloads, no anti-analysis techniques
✓ Financial safeguards: spread gate, days-to-resolution gate, flip-flop detection, slippage limits
✓ Credential (SIMMER_API_KEY) is properly scoped to the trading SDK