Scan Report
0 /100
ripley-pocket
API client skill for Ripley Pocket — M2M micro-payment gateway for AI agents using Monero (XMR)
Pure documentation-only skill describing a Monero payment API client with no executable code, no hidden functionality, and behavior fully consistent with its declared purpose.
Safe to install
No action needed. The skill is a safe documentation-only API client skill.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | SKILL.md contains no file operations |
| Network | NONE | NONE | — | SKILL.md documents an API client; no network calls are made by the skill itself |
| Shell | NONE | NONE | — | SKILL.md contains only documentation and example curl commands |
| Environment | NONE | NONE | — | SKILL.md declares requiredEnv API_KEY as documented configuration, no hidden env… |
| Skill Invoke | NONE | NONE | — | No skill chaining or invocation patterns found |
| Clipboard | NONE | NONE | — | No clipboard access in documentation |
| Browser | NONE | NONE | — | No browser automation documented |
| Database | NONE | NONE | — | No database access in documentation |
5 findings
Medium External URL 外部 URL
https://pocket.ripley.run SKILL.md:8 Medium Wallet Address 加密货币钱包地址
bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh SKILL.md:146 Medium External URL 外部 URL
https://api.kyc.rip/v2/exchange/status/abc123 SKILL.md:161 Medium External URL 外部 URL
https://api.kyc.rip/v2/exchange/status/xyz789 SKILL.md:195 Medium External URL 外部 URL
https://xmr402.org SKILL.md:278 File Tree
1 files · 15.5 KB · 473 lines Markdown 1f · 473L
└─
SKILL.md
Markdown
Security Positives
✓ Pure documentation skill with no executable code or scripts
✓ All described behavior (payment API, balance checks, cross-chain swaps) matches the documentation
✓ No obfuscation, base64, or anti-analysis patterns present
✓ No credential harvesting beyond the declared API_KEY environment variable
✓ External URLs are legitimate payment gateway and protocol references
✓ No sensitive file path access (ssh, aws, .env, etc.)
✓ No supply chain risks as there are no dependencies
✓ XMR402 protocol documentation is a legitimate open standard