Scan Report
5 /100
kalshi-crypto-monotonicity-trader
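Enforces monotonicity constraints on crypto price-level markets on Kalshi. P(BTC > $110k) must always be >= P(BTC > $120k). Trades violations by buying underpriced lower-threshold contracts and selling overpriced higher-threshold ones.
A legitimate crypto prediction-market arbitrage trading bot that executes trades through the Simmer SDK. Dry-run mode is the default, the code is clearly structured, and there is no malicious behavior.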
Safe to install
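Ready to use. Note: when providing SOLANA_PRIVATE_KEY, make sure the runtime environment is trusted and avoid leaking the private key through unnecessary channels.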
Findings 3 items
| Severity | Finding | Location |
|---|---|---|
| Low | tradejournal integration is optional but has shadow calls | trader.py:28 |
| Info | Dry-run mode is on by default; live trading requires an explicit --live | trader.py:603:603 |
| Info | SOLANA_PRIVATE_KEY is fully declared | SKILL.md:44 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Environment | READ | READ | ✓ Aligned | trader.py:36-37 reads SIMMER_API_KEY and TRADING_VENUE |
| Network | READ | READ | ✓ Aligned | trader.py calls the API through simmer_sdk.SimmerClient._request() |
| Filesystem | READ | READ | ✓ Aligned | trader.py:44 load_config() reads the local configuration |
2 findings
| Severity | Finding | Location |
|---|---|---|
| Medium | External URL: https://simmer.markets/skills | SKILL.md:10 |
| Info | Email address: [email protected] | SKILL.md:118 |
File Tree
4 files · 33.1 KB · 897 lines
Python 1f · 687L
Markdown 1f · 120L
JSON 2f · 90L
├─ _meta.json (JSON)
├─ clawhub.json (JSON)
├─ SKILL.md (Markdown)
└─ trader.py (Python)
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| simmer-sdk | * | pip | No | No version pin; installed from PyPI, maintained by Simmer Markets |
Security Positives
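✓ No high-risk operations such as subprocess/shell/eval
✓ No base64/bash pipes or requests to bare IP addresses
✓ No traversal of sensitive paths (~/.ssh, .env, etc.)
✓ All network communication goes through the official simmer-sdk, so the request path is transparent
✓ Dry-run mode by default, which keeps execution under tight control
✓ Complete stop-loss, slippage and liquidity protection mechanisms
✓ All external URLs are official domains (simmer.markets, pypi.org, github.com)
✓ Clear code structure, complete logic, and documentation consistent with the implementation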