Scan Report
15 /100
binance-event-contract-data-fetcher
Binance Event Contract Full Data Fetcher - fetches K-line, liquidity, market, and contract rule data for BTC/ETH trading pairs
Documentation-only skill describing Binance data fetching; no implementation code present to execute malicious behavior, though documentation lacks declared allowed tools.
Safe to install
This skill contains only a SKILL.md specification without any executable code. If implementation is added later, ensure all network/filesystem/shell operations are explicitly declared in allowed-tools.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Missing allowed-tools declaration Doc Mismatch | SKILL.md:1 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | SKILL.md mentions 'cache' functionality implying file read/write |
| Network | NONE | READ | ✓ Aligned | SKILL.md describes fetching from api.binance.com but does not declare network:RE… |
| Shell | NONE | NONE | — | Mentions cron auto-run but no explicit shell execution declared |
1 findings
Medium External URL 外部 URL
https://api.binance.com SKILL.md:15 File Tree
1 files · 4.1 KB · 100 lines Markdown 1f · 100L
└─
SKILL.md
Markdown
Security Positives
✓ No executable code present - cannot perform malicious actions
✓ Declares clear data-source restrictions (Binance only)
✓ Explicitly forbids trading API calls and third-party exchanges
✓ No credential harvesting mentioned
✓ No obfuscation or base64-encoded content observed
✓ No sensitive path access (.ssh, .aws, .env) declared