Trusted: risk score 5/100
Last scanned: 1 day ago
polymarket-geopolitics-trader
Trades Polymarket prediction markets on geopolitical events — wars, ceasefires, sanctions, diplomatic breakthroughs, and regime changes.
A legitimate Polymarket geopolitical trading bot with safe paper-trading defaults, fully declared credentials, no shell access, and no suspicious behavior.
Skill name: polymarket-geopolitics-trader
Analysis time: 26.1s
Engine: pi
Safe to install
No action needed. The skill is safe to use with the documented SIMMER_API_KEY credential.
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | NONE | NONE | - | No filesystem operations in code
Network access | READ | READ | ✓ Consistent | SDK makes outbound API calls for market data; declared in SKILL.md dependency se…
Command execution | NONE | NONE | - | No subprocess, no os.system, no shell commands
Environment variables | READ | READ | ✓ Consistent | os.environ for SIMMER_API_KEY and tunables — declared in SKILL.md credentials ta…
Skill invocation | NONE | NONE | - | No skill-invocation logic
Clipboard | NONE | NONE | - | No clipboard access
Browser | NONE | NONE | - | No browser automation
Database | NONE | NONE | - | No database operations

Directory structure

3 files · 20.0 KB · 483 lines
Python 1f · 298L Markdown 1f · 117L JSON 1f · 68L
├─ 📋 clawhub.json JSON 68L · 1.1 KB
├─ 📝 SKILL.md Markdown 117L · 5.8 KB
└─ 🐍 trader.py Python 298L · 13.1 KB

Dependency analysis: 1 item

Package | Version | Source | Known vulnerabilities | Notes
simmer-sdk | * | pip | - | Version not pinned; from PyPI (SpartanLabsXyz), appears legitimate

Security highlights

✓ Paper trading (venue=sim) is the safe default; live trades require explicit --live flag
✓ autostart=false and cron=null — nothing runs automatically
✓ Only one credential required (SIMMER_API_KEY), clearly documented in SKILL.md
✓ No shell execution, no subprocess, no os.system calls
✓ No sensitive file/path access (~/.ssh, ~/.aws, .env, etc.)
✓ No credential harvesting or environment variable enumeration
✓ No base64-encoded payloads or code obfuscation
✓ No data exfiltration or C2 communication patterns
✓ No remote script execution (curl|bash, wget|sh)
✓ Code is clean, readable, and matches documentation
✓ Strategy logic is documented with mathematical transparency (conviction, bias multipliers)