Scan Report
5/100
polymarket-24h-precipitation-range-trader
Trades mispricings in Polymarket precipitation-range markets by reconstructing probability distributions and detecting sum/monotonicity violations
Clean Polymarket precipitation arbitrage skill; all capabilities declared, no hidden behavior, paper-first design, and no credential theft or exfiltration.
Safe to install
No action needed. The skill is safe to use. Ensure SIMMER_API_KEY is stored securely and not committed to version control.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | NONE | NONE | — | trader.py: no open/write/fs calls |
| Network access | READ | READ | ✓ Consistent | simmer-sdk → Polymarket API; declared in SKILL.md |
| Command execution | NONE | NONE | — | trader.py: no subprocess/os.system |
| Environment variables | READ | READ | ✓ Consistent | os.environ['SIMMER_API_KEY'] + SIMMER_* tunables; all declared in SKILL.md |
| Skill invocation | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No DB access |
Directory structure
3 files · 30.0 KB · 767 lines
Python: 1 file · 561 lines
Markdown: 1 file · 119 lines
JSON: 1 file · 87 lines
├─ clawhub.json (JSON)
├─ SKILL.md (Markdown)
└─ trader.py (Python)
Dependency analysis (1 item)
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| simmer-sdk | unpinned | pip | No | Referenced in SKILL.md but no pinned version in a requirements file; minor supply-chain risk if not pinned in deployment |
Security highlights
✓ Paper-first design: venue='sim' by default; real trades require explicit --live flag
✓ All environment variables (SIMMER_API_KEY, SIMMER_*) declared and documented
✓ No subprocess, no shell execution, no raw socket calls
✓ No base64/eval obfuscation or hidden instruction payloads
✓ No credential harvesting or data exfiltration
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No autostart/cron; user must explicitly configure
✓ Sensible trade safeguards: threshold gates, max position, spread checks, flip-flop detection
✓ Market data flows through a named SDK (simmer-sdk) rather than raw HTTP, reducing attack surface