polymarket-nordic-trader 安全扫描报告 — 可信 | ClawSafe

5 /100

polymarket-nordic-trader

Trades Polymarket prediction markets focused on Scandinavian and Nordic events using local knowledge and CET timezone edge.

A straightforward Polymarket trading skill with clean code, safe paper-trading defaults, explicit --live gate, and no hidden or malicious behavior.

技能名称polymarket-nordic-trader

分析耗时33.0s

引擎pi

✓

可以安装

Safe to use. Install via clawhub and configure SIMMER_API_KEY. For live trading, pass --live explicitly.

资源类型	声明权限	推断权限	状态	证据
网络访问	`READ`	`READ`	✓ 一致	trader.py:7 — from simmer_sdk import SimmerClient; calls client.find_markets(), …
环境变量	`READ`	`READ`	✓ 一致	trader.py:39 — os.environ['SIMMER_API_KEY'] and SIMMER_* tunables
命令执行	`NONE`	`NONE`	—	trader.py — zero subprocess/os.system calls
文件系统	`NONE`	`NONE`	—	No file I/O operations in trader.py
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database access

6 项发现

🔗

中危外部 URL 外部 URL

https://www.smhi.se/

SKILL.md:111

🔗

中危外部 URL 外部 URL

https://data.riksdagen.se/

SKILL.md:112

🔗

中危外部 URL 外部 URL

https://www.scb.se/

SKILL.md:113

🔗

中危外部 URL 外部 URL

https://www.svt.se/nyheter/

SKILL.md:114

🔗

中危外部 URL 外部 URL

https://www.di.se/

SKILL.md:115

📧

提示邮箱邮箱地址

[email protected]

SKILL.md:167

目录结构

3 文件 · 19.5 KB · 486 行

Python 1f · 244L Markdown 1f · 169L JSON 1f · 73L

├─ 📋 clawhub.json JSON 73L · 1.2 KB

├─ 📝 SKILL.md Markdown 169L · 8.2 KB

└─ 🐍 trader.py Python 244L · 10.1 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`simmer-sdk`	`latest`	PyPI	否	Published by Simmer Markets ([email protected]); no version pinned in clawhub.json

安全亮点

✓ Paper trading (venue=sim) is the safe default — real trades require explicit --live flag

✓ No subprocess, os.system, or any shell command execution

✓ Single dependency on simmer-sdk from known PyPI publisher (simmer.markets)

✓ All network calls go through simmer-sdk to Polymarket API — no ad-hoc HTTP

✓ No credential exfiltration — SIMMER_API_KEY used only for trading auth

✓ No obfuscation (no base64, no eval, no exec)

✓ No sensitive path access (~/.ssh, ~/.aws, .env files)

✓ No persistence mechanisms (cron is null, autostart is false)

✓ SKILL.md fully documents all behavior and declared capabilities match implementation

✓ Risk parameters are tunable via SIMMER_* env vars — explicit, no hidden overrides

✓ Clean, readable code with no hidden payloads or shadow functionality