扫描报告
10 /100
polymarket-global-elections-trader
Trades Polymarket prediction markets on elections, referendums, and democratic events worldwide
A legitimate Polymarket election trading bot that uses keyword-based market discovery and conviction-based sizing. No malicious behavior detected; all functionality is accurately documented in SKILL.md.
可以安装
No immediate action required. Consider pinning the simmer-sdk version for reproducibility.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Unpinned SDK dependency 供应链 | clawhub.json:5 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file I/O in trader.py |
| 网络访问 | NONE | READ | ✓ 一致 | simmer-sdk makes outbound API calls to Polymarket; indirectly required for tradi… |
| 命令执行 | NONE | NONE | — | No subprocess, os.system, or shell execution |
| 环境变量 | READ | READ | ✓ 一致 | trader.py:51-59 reads SIMMER_* vars for configuration |
| 技能调用 | NONE | NONE | — | No skill-to-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
目录结构
3 文件 · 27.6 KB · 587 行 Python 1f · 385L
Markdown 1f · 129L
JSON 1f · 73L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | pip | 否 | Version not pinned; PyPI package from SpartanLabsXyz |
安全亮点
✓ Safe paper-trading default (venue="sim" unless --live flag is explicitly provided)
✓ No shell execution, file writes, or credential harvesting beyond the declared SIMMER_API_KEY
✓ Documentation accurately describes all behavior — no hidden functionality
✓ No obfuscation techniques (no base64, eval, or anti-analysis patterns)
✓ Guards against slippage and flip-flop trades via context_ok() function
✓ No network requests made directly — all API calls go through the simmer-sdk
✓ Cron/automaton disabled by default (autostart: false)