扫描报告
5 /100
polymarket-ladder-f1-championship-trader
Trades distribution-sum violations in F1 championship winner markets on Polymarket
A legitimate Polymarket F1 championship trading bot with no malicious behavior, clear documentation, and safe defaults (paper trading mode).
可以安装
No action needed. This is a safe, documented trading strategy that only accesses declared environment variables and uses a legitimate external SDK.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file operations in code |
| 网络访问 | READ | READ | ✓ 一致 | trader.py:168-177 Uses simmer-sdk for API calls, declared in SKILL.md |
| 命令执行 | NONE | NONE | — | No subprocess, os.system, or shell commands |
| 环境变量 | READ | READ | ✓ 一致 | trader.py:69-76 Reads configuration env vars (SIMMER_MAX_POSITION, etc.) |
| 技能调用 | NONE | NONE | — | Not used |
| 剪贴板 | NONE | NONE | — | Not used |
| 浏览器 | NONE | NONE | — | Not used |
| 数据库 | NONE | NONE | — | Not used |
目录结构
3 文件 · 23.9 KB · 602 行 Python 1f · 349L
Markdown 1f · 166L
JSON 1f · 87L
├─
clawhub.json
JSON
├─
SKILL.md
Markdown
└─
trader.py
Python
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
simmer-sdk | * | pip | 否 | Version not pinned; declared external dependency from SpartanLabsXyz |
安全亮点
✓ Clean, readable code with no obfuscation or base64-encoded strings
✓ Safe defaults: paper trading (venue=sim) is the default mode, --live flag required for real trades
✓ All environment variable access is documented and declared in SKILL.md and clawhub.json
✓ External dependency is pinned to simmer-sdk from PyPI (SpartanLabsXyz) with declared source
✓ No file system access, no shell execution, no sensitive path access
✓ Credential (SIMMER_API_KEY) is only used for SimmerClient initialization, not exfiltrated
✓ Documentation accurately describes functionality with clear risk disclosures
✓ No network calls made directly—all API communication goes through official simmer-sdk
✓ Proper error handling throughout with safe_print() for encoding issues