扫描报告
0 /100
polymarket-supply-chain-trader
Trades Polymarket prediction markets for supply chain disruptions, shipping delays, and commodity prices
A legitimate Polymarket trading integration with safe defaults (paper trading by default), no shell execution, no credential exfiltration, and fully documented behavior matching implementation.
可以安装
This skill is safe to use. Ensure SIMMER_API_KEY is kept private and do not pass --live flag in untrusted environments.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | trader.py:77 - SimmerClient connects to Polymarket API |
| 环境变量 | READ | READ | ✓ 一致 | trader.py:25-31 - Reads SIMMER_* config vars |
| 文件系统 | NONE | NONE | — | No file operations in codebase |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution calls |
1 项发现
提示 邮箱 邮箱地址
[email protected] SKILL.md:146 目录结构
3 文件 · 19.0 KB · 480 行 Python 1f · 259L
Markdown 1f · 148L
JSON 1f · 73L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | pypi | 否 | SDK for Polymarket trading API |
安全亮点
✓ Safe defaults: paper trading (venue='sim') without --live flag
✓ No shell execution - uses only SimmerClient SDK
✓ No credential exfiltration - API key used only for trading API
✓ Full documentation matches implementation (doc-to-code aligned)
✓ No obfuscation - clean, readable Python code
✓ No hidden functionality or shadow features
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No remote code execution (no curl|bash, wget|sh)
✓ Cron disabled by default (autostart: false)
✓ Simple, focused implementation with clear trading logic