binance-proxy-cn 安全扫描报告 — 低风险 | ClawSafe

15 /100

binance-proxy-cn

在中国大陆服务器通过代理访问币安API的完整配置指南

This is a legitimate instructional skill for configuring mihomo proxy to access Binance API from mainland China. No malicious code, credential theft, or exfiltration behavior detected.

技能名称binance-proxy-cn

分析耗时31.1s

引擎pi

✓

可以安装

Approve for use. The hardcoded IP addresses are standard DNS servers (Alibaba, Google, DNSPod) commonly used in proxy configurations. All external URLs point to legitimate services.

安全发现 2 项

严重性	安全发现	位置
低危	Hardcoded IP addresses in DNS configuration 文档欺骗 Pre-scan flagged hardcoded IPs (198.18.0.1, 119.29.29.29, 223.5.5.5, 8.8.8.8). These are all legitimate: fake-ip range for mihomo, Alibaba DNS, DNSPod DNS, and Google DNS - standard for proxy configurations in China. `fake-ip-range: 198.18.0.1/16` → No action needed - these are expected values for mihomo DNS configuration.	`SKILL.md:63`
低危	Software download from GitHub mirror 供应链 Uses ghfast.top as GitHub mirror. This is a legitimate alternative for downloading mihomo in China due to GitHub access restrictions. The actual source is the official MetaCubeX GitHub repository. `curl -sL "https://ghfast.top/https://github.com/MetaCubeX/mihomo/releases/..."` → Consider adding a comment noting this is a China-specific mirror for accessibility.	`SKILL.md:44`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`READ`	✓ 一致	Documentation references /etc/mihomo, /usr/local/bin - file paths in docs only
网络访问	`READ`	`READ`	✓ 一致	SKILL.md describes proxy configuration and API calls - all documented
命令执行	`NONE`	`READ`	✓ 一致	Bash commands shown for mihomo installation and API testing - all documented

4 高危 10 项发现

📡

高危 IP 地址硬编码 IP 地址

198.18.0.1

SKILL.md:63

📡

高危 IP 地址硬编码 IP 地址

119.29.29.29

SKILL.md:65

📡

高危 IP 地址硬编码 IP 地址

223.5.5.5

SKILL.md:66

📡

高危 IP 地址硬编码 IP 地址

8.8.8.8

SKILL.md:67

🔗

中危外部 URL 外部 URL

https://ghfast.top/https://github.com/MetaCubeX/mihomo/releases/download/v1.19.0/mihomo-linux-amd64-v1.19.0.gz

SKILL.md:44

🔗

中危外部 URL 外部 URL

http://127.0.0.1:7890

SKILL.md:105

🔗

中危外部 URL 外部 URL

https://api.binance.com/api/v3/time

SKILL.md:105

🔗

中危外部 URL 外部 URL

https://api.binance.com/api/v3/account?$QUERY&signature=$SIG

SKILL.md:173

🔗

中危外部 URL 外部 URL

https://api.binance.com/api/v3/ticker/price?symbol=BTCUSDT

SKILL.md:177

🔗

中危外部 URL 外部 URL

https://ipinfo.io

SKILL.md:196

目录结构

1 文件 · 5.6 KB · 210 行

Markdown 1f · 210L

└─ 📝 SKILL.md Markdown 210L · 5.6 KB

安全亮点

✓ Single file skill - easy to audit

✓ No executable scripts or code files present

✓ All bash commands are documented with explanations

✓ API calls shown are standard Binance API patterns

✓ No credential harvesting or exfiltration

✓ No obfuscation or base64 encoded content

✓ Clear documentation of proxy configuration purpose

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ MIT licensed with transparent authorship (openclaw-community)