扫描报告
5 /100
polymarket-48h-weather-distribution-trader
Trades mispricings in weather temperature-bin markets on Polymarket by reconstructing implied probability distributions and detecting sum violations and monotonicity breaks.
A clean, transparent Polymarket weather distribution arbitrage trading bot with no malicious behavior, well-documented behavior, and credential usage limited to its stated trading purpose.
可以安装
This skill is safe to use. Ensure SIMMER_API_KEY is stored securely and not committed to version control.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file read/write operations found |
| 网络访问 | NONE | READ | ✓ 一致 | SDK network calls to Polymarket API, documented in SKILL.md |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution |
| 环境变量 | READ | READ | ✓ 一致 | Reads SIMMER_API_KEY and tunable risk params; declared in SKILL.md |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser access |
| 数据库 | NONE | NONE | — | No database access |
目录结构
3 文件 · 27.8 KB · 729 行 Python 1f · 522L
Markdown 1f · 120L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | unpinned | pip | 否 | SDK dependency from PyPI; version not specified in files but installed via pip |
安全亮点
✓ No shell execution (subprocess, os.system, curl|bash, etc.)
✓ No credential harvesting — SIMMER_API_KEY is used only for SDK authentication
✓ No obfuscation — no base64, eval(), or anti-analysis patterns
✓ No data exfiltration — all data stays within the trading workflow
✓ No sensitive file access (~/.ssh, ~/.aws, .env beyond what's declared)
✓ No remote code execution vectors
✓ Paper trading by default — live trades require explicit --live flag
✓ Documentation is comprehensive and accurately describes all behavior
✓ Single external dependency (simmer-sdk) from PyPI, clearly declared
✓ Code is readable and straightforward trading logic without surprises