扫描报告
5 /100
polymarket-48h-player-prop-consistency-trader
Trades NBA player prop mispricings on Polymarket by detecting cross-stat consistency or divergence
Legitimate NBA player prop trading bot using the simmer-sdk for Polymarket, with safe paper-trading defaults and comprehensive documentation.
可以安装
This skill is safe to use. The only minor recommendation is to pin the simmer-sdk version in a requirements.txt for reproducible builds.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Unpinned dependency version 供应链 | clawhub.json:5 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file operations in code |
| 网络访问 | READ | READ | ✓ 一致 | Uses simmer-sdk to query Polymarket API for market data |
| 命令执行 | NONE | NONE | — | No shell execution found |
| 环境变量 | READ | READ | ✓ 一致 | Reads SIMMER_API_KEY and tunables from env; uses locally for API auth |
| 技能调用 | NONE | NONE | — | No skill invocation code present |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
目录结构
3 文件 · 26.2 KB · 702 行 Python 1f · 494L
Markdown 1f · 121L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | pip | 否 | Version not pinned; declared in clawhub.json |
安全亮点
✓ Paper trading is the default mode (venue="sim"), eliminating financial risk by default
✓ Real trading requires explicit --live flag
✓ Autostart and cron are disabled by default (autostart: false, cron: null)
✓ Documentation comprehensively describes all functionality with no mismatches
✓ No shell execution, subprocess, or system calls
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No credential exfiltration - API key is used locally for Polymarket auth only
✓ No network calls to suspicious IPs or domains
✓ Clean code structure with proper input validation
✓ Risk parameters are tunable through declared environment variables