binance-proxy-cn Security Report — Low Risk | ClawSafe

15 /100

binance-proxy-cn

在中国大陆服务器通过代理访问币安API的完整配置指南

This is a legitimate instructional skill for configuring mihomo proxy to access Binance API from mainland China. No malicious code, credential theft, or exfiltration behavior detected.

Skill Namebinance-proxy-cn

Duration31.1s

Enginepi

✓

Safe to install

Approve for use. The hardcoded IP addresses are standard DNS servers (Alibaba, Google, DNSPod) commonly used in proxy configurations. All external URLs point to legitimate services.

Findings 2 items

Severity	Finding	Location
Low	Hardcoded IP addresses in DNS configuration Doc Mismatch Pre-scan flagged hardcoded IPs (198.18.0.1, 119.29.29.29, 223.5.5.5, 8.8.8.8). These are all legitimate: fake-ip range for mihomo, Alibaba DNS, DNSPod DNS, and Google DNS - standard for proxy configurations in China. `fake-ip-range: 198.18.0.1/16` → No action needed - these are expected values for mihomo DNS configuration.	`SKILL.md:63`
Low	Software download from GitHub mirror Supply Chain Uses ghfast.top as GitHub mirror. This is a legitimate alternative for downloading mihomo in China due to GitHub access restrictions. The actual source is the official MetaCubeX GitHub repository. `curl -sL "https://ghfast.top/https://github.com/MetaCubeX/mihomo/releases/..."` → Consider adding a comment noting this is a China-specific mirror for accessibility.	`SKILL.md:44`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`READ`	✓ Aligned	Documentation references /etc/mihomo, /usr/local/bin - file paths in docs only
Network	`READ`	`READ`	✓ Aligned	SKILL.md describes proxy configuration and API calls - all documented
Shell	`NONE`	`READ`	✓ Aligned	Bash commands shown for mihomo installation and API testing - all documented

4 High 10 findings

📡

High IP Address 硬编码 IP 地址

198.18.0.1

SKILL.md:63

📡

High IP Address 硬编码 IP 地址

119.29.29.29

SKILL.md:65

📡

High IP Address 硬编码 IP 地址

223.5.5.5

SKILL.md:66

📡

High IP Address 硬编码 IP 地址

8.8.8.8

SKILL.md:67

🔗

Medium External URL 外部 URL

https://ghfast.top/https://github.com/MetaCubeX/mihomo/releases/download/v1.19.0/mihomo-linux-amd64-v1.19.0.gz

SKILL.md:44

🔗

Medium External URL 外部 URL

http://127.0.0.1:7890

SKILL.md:105

🔗

Medium External URL 外部 URL

https://api.binance.com/api/v3/time

SKILL.md:105

🔗

Medium External URL 外部 URL

https://api.binance.com/api/v3/account?$QUERY&signature=$SIG

SKILL.md:173

🔗

Medium External URL 外部 URL

https://api.binance.com/api/v3/ticker/price?symbol=BTCUSDT

SKILL.md:177

🔗

Medium External URL 外部 URL

https://ipinfo.io

SKILL.md:196

File Tree

1 files · 5.6 KB · 210 lines

Markdown 1f · 210L

└─ 📝 SKILL.md Markdown 210L · 5.6 KB

Security Positives

✓ Single file skill - easy to audit

✓ No executable scripts or code files present

✓ All bash commands are documented with explanations

✓ API calls shown are standard Binance API patterns

✓ No credential harvesting or exfiltration

✓ No obfuscation or base64 encoded content

✓ Clear documentation of proxy configuration purpose

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ MIT licensed with transparent authorship (openclaw-community)

Scan Report

Findings 2 items

File Tree

Security Positives