中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:1 天前 重新扫描
5 /100
polymarket-bundle-esports-tempo-trader
Trades tempo inconsistencies across Dota2/esports game props on Polymarket
A legitimate Polymarket esports trading bot with a small, clean codebase. No malicious patterns detected. Paper-trading by default with no shell execution, credential theft, obfuscation, or undeclared behavior.
技能名称polymarket-bundle-esports-tempo-trader
分析耗时36.9s
引擎pi
可以安装
No action needed. The skill is safe to use with standard caution: treat SIMMER_API_KEY as a high-value credential and never run with --live unless financial risk is understood.
资源类型声明权限推断权限状态证据
文件系统 NONE NONE No file reads or writes in trader.py
网络访问 READ READ ✓ 一致 trader.py:325-338 find_markets() calls client.find_markets() and client.get_mark…
命令执行 NONE NONE No os.system, subprocess, popen, or exec calls found
环境变量 READ READ ✓ 一致 trader.py:40-49 reads SIMMER_* vars from os.environ for configuration
技能调用 NONE NONE No dynamic skill invocation
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser/Selenium/playwright usage
数据库 NONE NONE No database access

目录结构

3 文件 · 32.4 KB · 833 行
Python 1f · 643L Markdown 1f · 103L JSON 1f · 87L
├─ 📋 clawhub.json JSON 87L · 1.8 KB
├─ 📝 SKILL.md Markdown 103L · 6.3 KB
└─ 🐍 trader.py Python 643L · 24.2 KB

依赖分析 1 项

包名版本来源已知漏洞备注
simmer-sdk * pip (PyPI) Version not pinned; sourced from PyPI

安全亮点

✓ Clean, small codebase (643 lines Python, 3 files) with no obfuscation or suspicious patterns
✓ Paper-trading by default (venue='sim') with explicit --live flag required for real trades
✓ No shell execution, subprocess, or system command invocation
✓ No credential theft or environment variable harvesting beyond the declared SIMMER_API_KEY
✓ No base64 encoding, eval, or dynamic code execution
✓ No sensitive file access (~/.ssh, ~/.aws, .env)
✓ No external IOCs or C2 indicators
✓ Thorough documentation with safety table and explicit financial risk disclosures
✓ Risk parameter tunables are all declared and adjustable via UI