Scan Report
5 /100
polymarket-macro-weather-commodity-trader
Trades Polymarket commodity markets based on extreme weather stress signals. Paper by default, live trades only with --live flag.
A legitimate Polymarket weather-commodity trading strategy using the simmer-sdk, with no malicious behavior, clear documentation, and appropriate credential handling.
Can be installed
This skill is safe to use. Ensure SIMMER_API_KEY is stored securely and --live flag is not enabled without reviewing trade parameters.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | trader.py imports only stdlib + simmer-sdk; no file write operations |
| Network access | READ | READ | ✓ Consistent | All network I/O goes through SimmerClient SDK → Polymarket API; no raw socket/HT… |
| Command execution | NONE | NONE | — | No subprocess, no os.system, no shell execution in code |
| Environment variables | READ | READ | ✓ Consistent | Reads only SIMMER_* prefixed env vars; API key used only for SDK auth |
| Skill invocation | NONE | NONE | — | No inter-skill invocation observed |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
Directory structure
3 files · 25.8 KB · 704 lines
Python: 1 file · 466 lines
Markdown: 1 file · 129 lines
JSON: 1 file · 109 lines
├─ clawhub.json (JSON)
├─ SKILL.md (Markdown)
└─ trader.py (Python)
Dependency analysis: 1 item
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| simmer-sdk | * | PyPI (simmer-sdk/SpartanLabsXyz) | No | Version not pinned — use explicit version for reproducibility |
Security highlights
✓ All trade execution gated behind explicit --live flag; defaults to paper/sim mode
✓ Comprehensive context guards (flip-flop, slippage, spread, days-to-resolution checks)
✓ No subprocess, shell execution, or raw HTTP calls — all API traffic via official simmer-sdk
✓ SIMMER_API_KEY used only for authenticated Polymarket API calls, never exfiltrated
✓ SKILL.md accurately describes all behavior: market discovery, signal computation, trade execution
✓ All risk parameters exposed as declared tunables with sensible defaults
✓ No obfuscation, no base64, no dynamic code generation
✓ No credential harvesting beyond the one declared API key
✓ No filesystem writes — read-only analysis of market data
✓ Safe by design: max position $40, min trade $5, max 6 concurrent positions