扫描报告
15 /100
monero-cpu-mining-setup
A practical, step-by-step guide to setting up XMRig for Monero mining on Windows, Linux, and macOS
A pure documentation/guide skill providing Monero CPU mining setup instructions; the pre-scan IOC flags the phrase 'curl | bash' but it appears as a security warning AGAINST that practice, with no actual code execution anywhere.
可以安装
Skill is safe to use. No scripts, no code, no exfiltration. Only minor concern is that it teaches cryptocurrency mining which may violate some platform policies — consider whether this is an appropriate skill for the platform.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Pre-scan IOC is a false positive 文档欺骗 | SKILL.md:24 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem access in any file |
| 网络访问 | NONE | NONE | — | No network calls in any file |
| 命令执行 | NONE | NONE | — | No shell execution in any file |
| 环境变量 | NONE | NONE | — | No environment variable access |
| 技能调用 | NONE | NONE | — | No skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser access |
| 数据库 | NONE | NONE | — | No database access |
1 严重 1 项发现
严重 危险命令 危险 Shell 命令
curl | bash SKILL.md:24 目录结构
2 文件 · 3.8 KB · 121 行 Markdown 1f · 116L
JSON 1f · 5L
├─
package.json
JSON
└─
SKILL.md
Markdown
安全亮点
✓ Skill is purely documentation — no executable code, scripts, or binaries
✓ SKILL.md explicitly warns against using `curl | bash` (anti-pattern caught and flagged)
✓ No environment variable access or credential harvesting
✓ No network calls or data exfiltration
✓ SHA256 checksum verification is recommended for binary downloads
✓ Proper disclaimers about electricity costs, hardware safety, and laptop cooling
✓ Includes legitimate Monero donation/wallet address (not a hidden exfil address)