扫描报告
0 /100
polymarket-bundle-tennis-set-match-trader
Trades cross-market constraint violations in tennis Set 1 O/U, Match O/U, Total Sets O/U, Set Handicap, and Set/Match Winner bundles on Polymarket
Legitimate Polymarket trading bot that detects and exploits cross-market constraint violations in tennis prop betting. All behavior is documented, no malicious indicators found.
可以安装
This skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem operations in code |
| 网络访问 | READ | READ | ✓ 一致 | Uses simmer-sdk for Polymarket API calls only |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution |
| 环境变量 | READ | READ | ✓ 一致 | Reads only SIMMER_* vars; declared in SKILL.md |
| 技能调用 | NONE | NONE | — | No skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser access |
| 数据库 | NONE | NONE | — | No database access |
目录结构
3 文件 · 27.0 KB · 704 行 Python 1f · 523L
Markdown 1f · 94L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | pip | 否 | Official Simmer Markets SDK, version not pinned but package is well-known |
安全亮点
✓ Clear documentation with no mismatch between declared and actual behavior
✓ Paper trading by default (venue="sim"), real trades require explicit --live flag
✓ Only uses official simmer-sdk dependency from PyPI
✓ No subprocess, shell execution, or file system operations
✓ API key access is scoped to SIMMER_API_KEY only, used for legitimate trading
✓ Well-structured code with regex-based market parsing and constraint checking
✓ No obfuscation, base64 encoding, or hidden instructions
✓ No credential harvesting, C2 communication, or data exfiltration
✓ Environment variables are documented with tunable ranges in SKILL.md and clawhub.json
✓ Safety gates include YES/NO thresholds, min violation checks, position limits, and spread filters