扫描报告
5 /100
polymarket-candle-morning-star-trader
Trades crypto 'Up or Down' 5-minute interval markets on Polymarket by detecting Morning Star/Evening Star candlestick reversal patterns
Legitimate Polymarket trading bot with clear Morning Star/Evening Star candlestick pattern detection. Defaults to paper trading with robust safety controls. No malicious behavior detected.
可以安装
Skill is safe to use. Ensure SIMMER_API_KEY is properly secured and only use --live flag when intentional real trading is desired.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Missing allowed-tools declaration 文档欺骗 | clawhub.json:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 环境变量 | READ | READ | ✓ 一致 | trader.py:67-81 reads SIMMER_* env vars |
| 网络访问 | READ | READ | ✓ 一致 | trader.py:68 SimmerClient connects to Polymarket API |
| 文件系统 | NONE | NONE | — | No file operations in code |
| 命令执行 | NONE | NONE | — | No subprocess/shell execution found |
目录结构
3 文件 · 24.5 KB · 619 行 Python 1f · 421L
Markdown 1f · 103L
JSON 1f · 95L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | pip | 否 | Version not pinned in requirements, but sourced from PyPI with established maintainer |
安全亮点
✓ Defaults to paper trading (venue='sim'), zero financial risk by default
✓ Real trades require explicit --live flag, preventing accidental live execution
✓ No shell execution (subprocess, curl|bash, wget|sh)
✓ No sensitive file access (~/.ssh, ~/.aws, .env)
✓ No obfuscation (base64, eval, encoded payloads)
✓ No credential exfiltration to external endpoints
✓ Clear, well-documented candlestick pattern logic
✓ Built on reputable simmer-sdk from SpartanLabsXyz with pinned PyPI dependency
✓ Safety guards: flip-flop detection, slippage checks, spread limits
✓ Credential (SIMMER_API_KEY) used only for Polymarket API authentication