扫描报告
5 /100
polymarket-48h-precipitation-range-trader
Trades mispricings in precipitation-range markets by reconstructing probability distributions across bins and detecting sum/monotonicity violations
Legitimate Polymarket precipitation-range trading bot with no malicious behavior, paper-trading by default, and clean implementation.
可以安装
Approve for use. The skill is a well-documented trading bot that identifies probability distribution violations in Polymarket precipitation markets. No action required.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | simmer-sdk dependency not version-pinned 供应链 | clawhub.json:6 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file read/write operations in trader.py |
| 网络访问 | READ | READ | ✓ 一致 | SDK connects to Polymarket API for market data and trade execution; declared in … |
| 命令执行 | NONE | NONE | — | No subprocess or shell command execution in trader.py |
| 环境变量 | READ | READ | ✓ 一致 | Reads SIMMER_API_KEY and risk tunables; credential used locally with SDK only |
目录结构
3 文件 · 29.2 KB · 767 行 Python 1f · 561L
Markdown 1f · 119L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | unpinned | pip | 否 | No version pin in clawhub.json; PyPI package without fixed version |
安全亮点
✓ Paper trading by default (venue="sim"), zero financial risk without explicit --live flag
✓ No subprocess or shell execution
✓ No sensitive file path access (~/.ssh, ~/.aws, .env, etc.)
✓ No credential exfiltration — SIMMER_API_KEY is used locally with the SDK only
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No hidden functionality — all behavior matches SKILL.md documentation
✓ Comprehensive safeguards: threshold gates, spread filters, flip-flop detection, max positions
✓ Clean code with no dynamic execution (no eval, exec, or ast.literal_eval misuse)