中文 EN

扫描报告

扫描新文件

可信 — 风险评分 0/100
上次扫描:1 天前 重新扫描
0 /100
polymarket-ladder-chess-tournament-trader
Trades distribution-sum violations in chess tournament winner markets on Polymarket using the simmer-sdk library
A legitimate chess tournament distribution-sum arbitrage trader using the simmer-sdk library. All capabilities match the documented behavior with safe paper-trading defaults.
技能名称polymarket-ladder-chess-tournament-trader
分析耗时25.3s
引擎pi
可以安装
No action needed. The skill is safe to use as documented.
资源类型声明权限推断权限状态证据
文件系统 NONE NONE trader.py: no file reads or writes
网络访问 NONE READ ✓ 一致 trader.py: all network calls are SDK API calls through simmer-sdk (SimmerClient)…
命令执行 NONE NONE trader.py: no subprocess, no os.system, no shell invocation
环境变量 READ READ ✓ 一致 trader.py:17-18 reads 9 SIMMER_* env vars for config; SIMMER_API_KEY required; a…
技能调用 NONE NONE No skill invocation detected
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser automation
数据库 NONE NONE No database access

目录结构

3 文件 · 21.5 KB · 540 行
Python 1f · 332L Markdown 1f · 121L JSON 1f · 87L
├─ 📋 clawhub.json JSON 87L · 1.9 KB
├─ 📝 SKILL.md Markdown 121L · 6.5 KB
└─ 🐍 trader.py Python 332L · 13.1 KB

依赖分析 1 项

包名版本来源已知漏洞备注
simmer-sdk * pip Version not pinned; PyPI-only source

安全亮点

✓ Paper trading (venue="sim") is the safe default; live trades require explicit --live flag
✓ All risk parameters are environment-variable tunable with documented defaults
✓ No shell execution (subprocess, os.system) — code is pure Python logic
✓ No sensitive file or path access (no ~/.ssh, ~/.aws, .env reads)
✓ No obfuscation (no base64, no eval, no atob patterns)
✓ No credential exfiltration — SIMMER_API_KEY is only consumed by the SDK for trading
✓ No remote script download (no curl|bash, wget|sh, pip install from untrusted sources)
✓ Autostart is false and cron is null — no unattended execution by default
✓ All network behavior is through the well-documented simmer-sdk library
✓ clawhub.json properly declares automaton entrypoint and required env vars