扫描报告
5 /100
polymarket-candle-gap-fill-trader
Trades gap-fill reversions on Polymarket 5-minute crypto interval markets using conviction-based sizing
A legitimate Polymarket gap-fill trading bot that operates safely in paper mode by default, uses a standard SDK dependency, and has no malicious patterns.
可以安装
No action needed. Skill is safe for use with safe defaults (paper trading). Ensure SIMMER_API_KEY is kept secure when enabling live trading.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file read/write operations in trader.py |
| 网络访问 | READ | READ | ✓ 一致 | client.find_markets(), client.get_markets(), client.trade() at lines 215, 223, 2… |
| 命令执行 | NONE | NONE | — | No subprocess/os.system calls in trader.py |
| 环境变量 | READ | READ | ✓ 一致 | os.environ.get('SIMMER_*') throughout trader.py |
| 技能调用 | NONE | NONE | — | No skill invocation patterns |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database operations |
目录结构
3 文件 · 21.4 KB · 537 行 Python 1f · 359L
Markdown 1f · 91L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | pip | 否 | No version pinned; legitimate trading SDK by SpartanLabsXyz |
安全亮点
✓ Safe defaults: venue='sim' (paper trading) without --live flag
✓ No subprocess/shell execution - uses official simmer-sdk
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No base64 decoding or obfuscation
✓ No curl|bash or remote script execution
✓ All environment variable access is declared and documented
✓ Credential (SIMMER_API_KEY) is used only for SDK authentication, not exfiltrated
✓ No data exfiltration to external IPs beyond legitimate trading API calls