扫描报告
5 /100
polymarket-24h-equity-strike-trader
Trades structural mispricings in equity/stock price-threshold markets by reconstructing the implied probability curve across strike levels and detecting monotonicity breaks and range-sum inconsistencies.
A legitimate Polymarket trading bot that detects probability-curve violations in equity strike-ladder markets using the simmer-sdk. Defaults to paper trading, only reads declared environment variables, and performs no obfuscation, credential harvesting, or undeclared network/file/shell access.
可以安装
This skill is safe to use. No security concerns identified. Ensure SIMMER_API_KEY is stored securely (e.g., secret manager, not .env committed to source).
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 环境变量 | READ | READ | ✓ 一致 | trader.py:27-40 (os.environ.get for SIMMER_API_KEY + 9 tunables) |
| 网络访问 | READ | READ | ✓ 一致 | trader.py:44-57 (SimmerClient with venue='polymarket' or 'sim') |
| 命令执行 | NONE | NONE | — | No subprocess/os.system/eval calls in trader.py |
| 文件系统 | NONE | NONE | — | No open()/write()/read() file operations in trader.py |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database operations |
| 技能调用 | NONE | NONE | — | No nested skill invocation |
目录结构
3 文件 · 29.7 KB · 785 行 Python 1f · 567L
Markdown 1f · 131L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | latest | PyPI | 否 | Hosted on pypi.org by SpartanLabsXyz; version pinning recommended for reproducibility |
安全亮点
✓ Paper trading (venue='sim') is the default — zero financial risk out of the box
✓ Explicit --live flag required for real trades, clearly documented in SKILL.md and trader.py
✓ Only reads declared environment variables; no iteration over os.environ for credential discovery
✓ No obfuscation (no base64, no eval, no atob patterns)
✓ No shell execution, subprocess, or direct network calls — all via trusted simmer-sdk
✓ No sensitive path access (~/.ssh, ~/.aws, .env files)
✓ No credential exfiltration or data leakage patterns
✓ Risk parameters (position limits, thresholds) are tunable and documented
✓ Autostart=false and cron=null prevent silent unattended execution
✓ Dependencies are a single well-named PyPI package (simmer-sdk)