Scan Report
5/100
solanaprox-mcp
MCP server for SolanaProx — pay for AI inference with Solana/USDC. No API keys. Your wallet is your identity.
This is a legitimate MCP server for a Solana/USDC-based AI payment gateway. It exposes four tools (ask_ai, check_balance, estimate_cost, list_models) that send wallet address and prompts to solanaprox.com. No shell execution, filesystem access, credential harvesting, or hidden functionality found. The code is clean, well-structured, and behaves exactly as documented.
Safe to install
This skill is safe to use. No security controls are needed beyond what would be standard for any network-accessing tool. Ensure the SOLANA_WALLET env var is sourced securely.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access found in src/index.ts or agent-exammple.js |
| Network access | READ | READ | ✓ Consistent | src/index.ts:97-106 — fetch POST to solanaprox.com/v1/messages; src/index.ts:124… |
| Command execution | NONE | NONE | — | No child_process, exec, spawn, or shell command invocations found |
| Environment variables | READ | READ | ✓ Consistent | src/index.ts:17 — reads SOLANA_WALLET and SOLANAPROX_URL from process.env; only … |
| Skill invocation | NONE | NONE | — | No inter-skill invocation found |
| Clipboard | NONE | NONE | — | No clipboard access found |
| Browser | NONE | NONE | — | No browser automation found |
| Database | NONE | NONE | — | No database access found |
16 findings
| Severity | Type | Value | Location |
|---|---|---|---|
| Medium | External URL | https://badge.fury.io/js/solanaprox-mcp.svg | README.md:5 |
| Medium | External URL | https://www.npmjs.com/package/solanaprox-mcp | README.md:5 |
| Medium | External URL | https://img.shields.io/badge/License-MIT-yellow.svg | README.md:6 |
| Medium | External URL | https://opensource.org/licenses/MIT | README.md:6 |
| Medium | External URL | https://solanaprox.com | README.md:70 |
| Medium | External URL | https://solanaprox.com/v1/messages | README.md:138 |
| Medium | External URL | https://solanaprox.com/api/balance/YOUR_WALLET | README.md:194 |
| Medium | External URL | https://solscan.io | README.md:215 |
| Medium | External URL | https://solanaprox.com/docs | README.md:222 |
| Medium | External URL | https://twitter.com/solanaprox | README.md:223 |
| Medium | External URL | https://lightningprox.com | README.md:224 |
| Medium | External URL | https://lpxpoly.com | README.md:233 |
| Medium | External URL | https://isitarug.com | README.md:234 |
| Medium | External URL | https://opencollective.com/express | package-lock.json:257 |
| Medium | External URL | https://opencollective.com/fastify | package-lock.json:585 |
| Info | Email address | [email protected] | SKILL.md:88 |
Directory structure
7 files · 73.6 KB · 2323 lines
JSON 3f · 1432L
TypeScript 1f · 375L
Markdown 2f · 326L
JavaScript 1f · 190L
├─ src
│  └─ index.ts (TypeScript)
├─ agent-exammple.js (JavaScript)
├─ package-lock.json (JSON)
├─ package.json (JSON)
├─ README.md (Markdown)
├─ SKILL.md (Markdown)
└─ tsconfig.json (JSON)
Dependency analysis: 3 items
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| @modelcontextprotocol/sdk | ^1.0.0 | npm | No | Standard MCP SDK from Anthropic, no known vulnerabilities |
| typescript | ^5.0.0 | npm (dev) | No | Dev dependency only |
| ts-node | ^10.9.0 | npm (dev) | No | Dev dependency only |
Security highlights
✓ No shell or subprocess execution — pure HTTP fetch API calls only
✓ No filesystem access — reads/writes no files beyond npm install
✓ No credential harvesting — SOLANA_WALLET used only as API identifier sent to declared endpoint
✓ No obfuscation — all code is clear, readable TypeScript
✓ No hidden instructions, base64, or eval patterns
✓ No suspicious dependencies beyond @modelcontextprotocol/sdk
✓ SKILL.md accurately describes all four tools and their behavior
✓ Error handling is present and appropriate (402 for insufficient balance, etc.)
✓ Wallet address is a public Solana identifier by design — no private key access