扫描报告
5 /100
polymarket-48h-price-curve-arb-trader
Trades structural mispricings in crypto price-threshold markets on Polymarket by reconstructing the implied probability distribution curve
Legitimate Polymarket arbitrage trading skill with well-documented behavior, paper-trading defaults, and no malicious or exfiltration-capable code.
可以安装
This skill is safe to use. Ensure SIMMER_API_KEY is stored securely and pip install pins simmer-sdk to a specific version before production deployment.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Unpinned external dependency 供应链 | clawhub.json:4 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | trader.py:client.find_markets() via simmer-sdk |
| 环境变量 | READ | READ | ✓ 一致 | trader.py:os.environ[...] for SIMMER_* vars |
| 文件系统 | NONE | NONE | — | No file I/O in trader.py |
| 命令执行 | NONE | NONE | — | No subprocess/os.system calls found |
| 技能调用 | NONE | NONE | — | No skill invocation found |
| 剪贴板 | NONE | NONE | — | No clipboard access found |
| 浏览器 | NONE | NONE | — | No browser automation found |
| 数据库 | NONE | NONE | — | No database access found |
目录结构
3 文件 · 25.3 KB · 684 行 Python 1f · 475L
Markdown 1f · 122L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | pip | 否 | Version not pinned — low risk, external SDK from SpartanLabsXyz |
安全亮点
✓ All behavior is explicitly declared in SKILL.md — no hidden functionality
✓ Paper-trading (sim) is the default mode; --live flag is required for real trades
✓ No subprocess, shell execution, or direct network calls outside the SDK
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, etc.)
✓ No obfuscation, base64 execution, or anti-analysis techniques
✓ Credential (SIMMER_API_KEY) is read-only to authorize SDK calls — not exfiltrated
✓ No cron/automaton autostart; autostart is false by design
✓ Code is clean, readable, and well-structured with no suspicious patterns