扫描报告
20 /100
polymarket-catastrophe-trader
Trades Polymarket prediction markets on hurricane seasons, earthquake probabilities, wildfire forecasts, and extreme weather records
Legitimate Polymarket trading skill with clear documentation, paper-trading safeguards, and no malicious behavior detected. Minor concern: external simmer-sdk dependency not version-pinned.
可以安装
Approve for use. Consider pinning simmer-sdk to a specific version (e.g., pip install simmer-sdk==X.Y.Z) in a requirements.txt to reduce supply chain risk.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Unpinned external dependency 供应链 | clawhub.json:8 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | trader.py:client.find_markets(), client.trade() — Polymarket API access via Simm… |
| 环境变量 | READ | READ | ✓ 一致 | trader.py:os.environ['SIMMER_API_KEY'] and SIMMER_* tunables — legitimate creden… |
| 文件系统 | NONE | NONE | — | No file read/write operations in codebase |
| 命令执行 | NONE | NONE | — | No subprocess, os.system, or shell execution calls detected |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
目录结构
3 文件 · 31.2 KB · 636 行 Python 1f · 425L
Markdown 1f · 138L
JSON 1f · 73L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | unpinned | PyPI | 否 | Version not pinned — supply chain risk |
安全亮点
✓ Paper trading (venue="sim") is the safe default — real trades require explicit --live flag
✓ Documentation is comprehensive and accurately describes all functionality
✓ No obfuscation techniques (no base64, eval, or encoded strings)
✓ No credential harvesting or data exfiltration behavior
✓ No sensitive path access (~/.ssh, ~/.aws, .env files)
✓ No remote script execution (curl|bash, wget|sh)
✓ Code is well-structured and readable
✓ Financial risk parameters are clearly documented and tunable