Trusted (risk score 5/100)
Last scanned: 1 day ago
polymarket-ai-tech-trader
Trades Polymarket prediction markets on AI model releases, tech IPOs, product launches, and AI infrastructure milestones
A legitimate Polymarket trading skill with clear documentation, safe paper-trading defaults, and no suspicious behavior detected.
Skill name: polymarket-ai-tech-trader
Analysis time: 27.9s
Engine: pi
OK to install
No immediate action required. Consider pinning `simmer-sdk` to a specific version for reproducibility.

Security findings: 1

Severity: Low
Finding: Unpinned dependency version (Supply chain)
Location: clawhub.json:6
simmer-sdk has no version constraint in clawhub.json pip requirements. While this is common practice for AI agent skills, it means the latest version would be installed, which could theoretically change behavior.
"pip": ["simmer-sdk"]
→ Pin to a specific version: "simmer-sdk>=0.1.0,<1.0.0" or similar to ensure reproducible behavior.
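| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | | No file operations in trader.py |
| Network access | READ | READ | ✓ Consistent | client.find_markets() via simmer-sdk |
| Command execution | NONE | NONE | | No subprocess or shell commands |
| Environment variables | READ | READ | ✓ Consistent | os.environ['SIMMER_API_KEY'] only |
| Skill invocation | NONE | NONE | | No skill invocation |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser automation |
| Database | NONE | NONE | | No database access |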

Directory structure

3 files · 15.3 KB · 406 lines
Python 1f · 189L Markdown 1f · 144L JSON 1f · 73L
├─ 📋 clawhub.json JSON 73L · 1.2 KB
├─ 📝 SKILL.md Markdown 144L · 6.3 KB
└─ 🐍 trader.py Python 189L · 7.8 KB

Dependency analysis: 1

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| simmer-sdk | * | pip | | Version not pinned — would install latest |

Security highlights

✓ Paper trading is the safe default (venue="sim")
✓ Real trades require explicit --live flag
✓ No shell/subprocess execution
✓ No credential harvesting or exfiltration
✓ No base64 encoding or obfuscation
✓ Documentation matches implementation exactly
✓ Clear risk parameters with safeguards (spread, days-to-resolution gates)
✓ Uses official simmer-sdk only for API calls
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)