superrare-mint 安全扫描报告 — 可信 | ClawSafe

0 /100

superrare-mint

Mint art to a SuperRare-compatible ERC-721 collection on Ethereum or Base via Bankr

Legitimate SuperRare NFT minting skill with fully declared capabilities, standard blockchain tooling, and no hidden behavior.

技能名称superrare-mint

分析耗时45.7s

引擎pi

✓

可以安装

Skill is safe to use. No action required.

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	SKILL.md:15 lists jq; scripts read config.json, deploy receipts, write receipts
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md:15 lists cast, jq, curl, node; scripts invoke these as subprocesses
网络访问	`READ`	`READ`	✓ 一致	SKILL.md:27 declares Bankr API; scripts POST to api.bankr.bot and api.superrare.…
环境变量	`READ`	`READ`	✓ 一致	SKILL.md:16 declares BANKR_API_KEY; resolve_bankr_api_key() reads env vars local…
技能调用	`NONE`	`NONE`	—	No cross-skill invocations
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser usage
数据库	`NONE`	`NONE`	—	No database access

11 项发现

💰

中危钱包地址加密货币钱包地址

0x0000000000000000000000000000000000000000

config.example.json:4

🔗

中危外部 URL 外部 URL

https://api.superrare.org

config.example.json:9

🔗

中危外部 URL 外部 URL

https://ethereum-rpc.publicnode.com

scripts/lib.sh:68

🔗

中危外部 URL 外部 URL

https://etherscan.io/tx/

scripts/lib.sh:69

🔗

中危外部 URL 外部 URL

https://ethereum-sepolia-rpc.publicnode.com

scripts/lib.sh:74

🔗

中危外部 URL 外部 URL

https://sepolia.etherscan.io/tx/

scripts/lib.sh:75

🔗

中危外部 URL 外部 URL

https://base-rpc.publicnode.com

scripts/lib.sh:80

🔗

中危外部 URL 外部 URL

https://basescan.org/tx/

scripts/lib.sh:81

🔗

中危外部 URL 外部 URL

https://base-sepolia-rpc.publicnode.com

scripts/lib.sh:86

🔗

中危外部 URL 外部 URL

https://sepolia.basescan.org/tx/

scripts/lib.sh:87

🔗

中危外部 URL 外部 URL

https://api.bankr.bot

scripts/lib.sh:146

目录结构

7 文件 · 30.8 KB · 1051 行

Shell 3f · 678L JavaScript 1f · 214L Markdown 1f · 142L JSON 2f · 17L

├─ ▾ 📁 scripts

│ ├─ 🔧 lib.sh Shell 317L · 9.4 KB

│ ├─ 🔧 mint-art.sh Shell 132L · 3.1 KB

│ ├─ 🔧 mint-via-bankr.sh Shell 229L · 6.3 KB

│ └─ 📜 pin-metadata.mjs JavaScript 214L · 6.2 KB

├─ 📋 clawhub.json JSON 6L · 269 B

├─ 📋 config.example.json JSON 11L · 303 B

└─ 📝 SKILL.md Markdown 142L · 5.2 KB

安全亮点

✓ Dry-run is the default; transactions only broadcast with --broadcast or DRY_RUN=0

✓ Contract mode is enforced before any action—script refuses to run without explicit ownership-given or own-deployed

✓ Chain mismatch validation prevents cross-chain receipt reuse

✓ Credential lookup is local-only; BANKR_API_KEY is used for API auth, never exfiltrated

✓ All external API calls go to well-known, documented endpoints (api.superrare.org, api.bankr.bot)

✓ No base64, eval, curl|bash, or other obfuscation/remote execution patterns

✓ No sensitive path access (~/.ssh, ~/.aws, .env secrets extraction)

✓ Receipts written locally with no outbound transmission of transaction data

✓ Standard, auditable shell tooling (cast, jq, curl, node) used throughout

✓ SKILL.md thoroughly documents all scripts, environment variables, and file paths