Trusted — Risk score 5/100
Last scanned: 1 day ago
polymarket-24h-sports-line-curve-trader
Trades structural mispricings in sports O/U markets on Polymarket by detecting monotonicity violations in implied probability curves
A legitimate Polymarket sports arbitrage trading bot with clean code, no undeclared capabilities, and proper risk controls (paper trading by default).
Skill name: polymarket-24h-sports-line-curve-trader
Analysis time: 22.9s
Engine: pi
Safe to install
This skill is safe to use. Ensure SIMMER_API_KEY is stored securely and version-pin simmer-sdk in production.

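Security findings: 1

Severity: Low
Finding: Unpinned dependency version (Supply chain)
simmer-sdk is imported without a version pin, allowing any version including potentially malicious updates.
"pip": ["simmer-sdk"]
→ Pin to specific version: "simmer-sdk>=1.0.0,<2.0.0" or exact version
Location: clawhub.json:6

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | NONE | NONE | | No file I/O detected |
| Network access | READ | READ | ✓ Consistent | SimmerClient API calls only |
| Command execution | NONE | NONE | | No subprocess/os.system calls |
| Environment variables | READ | READ | ✓ Consistent | Reads SIMMER_* vars only (declared in SKILL.md) |
| Skill invocation | NONE | NONE | | No skill chaining |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser automation |
| Database | NONE | NONE | | No database access |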

Directory structure

3 files · 25.4 KB · 682 lines
Python 1f · 471L Markdown 1f · 124L JSON 1f · 87L
├─ 📋 clawhub.json JSON 87L · 1.9 KB
├─ 📝 SKILL.md Markdown 124L · 5.3 KB
└─ 🐍 trader.py Python 471L · 18.2 KB

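Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| simmer-sdk | * | pip | | Version not pinned |

Security highlights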

✓ Paper trading is the default mode (--live flag required for real trades)
✓ All environment variables declared and documented in SKILL.md
✓ No subprocess, eval, or shell execution
✓ No obfuscation or base64-encoded code
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No credential exfiltration or data theft patterns
✓ All risk parameters exposed as documented tunables
✓ Clean code with no hidden functionality