扫描报告
5 /100
polymarket-celebrity-social-trader
Trades Polymarket prediction markets on celebrity events, viral social media moments, and reality TV outcomes with conviction-based sizing and fan loyalty bias correction.
A legitimate Polymarket trading bot using the simmer-sdk library with clean code, paper-trading defaults, and no suspicious behavior detected.
可以安装
No action needed. The skill operates safely through a documented SDK and defaults to paper trading.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Unpinned dependency version 供应链 | clawhub.json:10 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file operations in code |
| 网络访问 | READ | READ | ✓ 一致 | SDK API calls only via SimmerClient |
| 命令执行 | NONE | NONE | — | No subprocess, os.system, or shell commands |
| 环境变量 | READ | READ | ✓ 一致 | Reads SIMMER_API_KEY and tunable SIMMER_* vars only |
| 技能调用 | NONE | NONE | — | No skill-to-skill calls |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database operations |
目录结构
3 文件 · 24.2 KB · 528 行 Python 1f · 335L
Markdown 1f · 125L
JSON 1f · 68L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | not pinned | PyPI | 否 | No version constraint specified in clawhub.json |
安全亮点
✓ Clean codebase with no shell execution, subprocess, or os.system calls
✓ Paper trading is the safe default — live trades require explicit --live flag
✓ SDK-only network operations through well-documented SimmerClient
✓ Credential access limited to declared SIMMER_API_KEY
✓ No sensitive file access (~/.ssh, ~/.aws, .env)
✓ No obfuscation, base64, or anti-analysis patterns
✓ Documentation accurately describes code behavior (no doc deception)
✓ Autostart disabled, cron null — no automatic execution without user consent