扫描报告
0 /100
polymarket-coffee-trader
Trades Polymarket coffee markets using three compounding seasonal edges — Brazil frost window mispricing, harvest cycle awareness, and ENSO phase.
A legitimate Polymarket coffee trading skill using date-derived seasonal multipliers with no malicious behavior, no undeclared capabilities, and safe paper-trading defaults.
可以安装
Approve for use. Pin simmer-sdk to a known-good version in production for supply-chain hygiene.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | trader.py — no file reads or writes beyond Python imports |
| 网络访问 | READ | READ | ✓ 一致 | trader.py:284 — SimmerClient trades via simmer-sdk; all network traffic is Polym… |
| 命令执行 | NONE | NONE | — | trader.py — no subprocess, os.system, eval, exec, or shell invocation |
| 环境变量 | READ | READ | ✓ 一致 | trader.py:18-31 — reads SIMMER_API_KEY and tunables, passed only to SimmerClient… |
| 技能调用 | NONE | NONE | — | trader.py — no inter-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
目录结构
3 文件 · 26.1 KB · 649 行 Python 1f · 391L
Markdown 1f · 172L
JSON 1f · 86L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | unpinned | PyPI | 否 | Version not pinned; recommend pinning to a known release in production |
安全亮点
✓ No shell or subprocess execution — all logic is pure Python
✓ No obfuscation (no base64, eval, or exec)
✓ No credential harvesting or exfiltration — SIMMER_API_KEY is used only for Polymarket API auth via simmer-sdk
✓ No sensitive path access (~/.ssh, ~/.aws, .env, etc.)
✓ No hidden functionality — code implements exactly what SKILL.md describes
✓ Safe defaults — paper trading (venue=sim) is the default; --live flag is required for real trades
✓ No data exfiltration — no external IP, no POSTs to unknown endpoints
✓ No persistence mechanisms — no cron, no autostart, no backdoors
✓ All tunables are declared in clawhub.json and documented in SKILL.md
✓ Function names and logic map directly to documented seasonal trading strategy