Scan Report
0 /100
veroq
Verified AI intelligence — fact-checks LLM output, provides market/trading data via api.veroq.ai
VeroQ is a clean, read-only intelligence API client that makes no filesystem writes, shell executions, credential accesses, or any other privileged operations. All network traffic goes exclusively to api.veroq.ai with no credential transmission.
Safe to install
This skill is safe to use as-is. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem operations found in index.js |
| Network | READ | READ | ✓ Aligned | All fetch() calls target https://api.veroq.ai exclusively (lines 11, 55, 104, 14… |
| Shell | NONE | NONE | — | No exec, spawn, child_process, or shell command invocations |
| Environment | NONE | NONE | — | No process.env access or environment variable reads |
| Skill Invoke | EXECUTE | EXECUTE | ✓ Aligned | 32 command handlers mapped in module.exports |
| Clipboard | NONE | NONE | — | No clipboard API usage |
| Browser | NONE | NONE | — | No browser automation (Puppeteer, Playwright, etc.) |
| Database | NONE | NONE | — | No database connections or ORM usage |
7 findings
Medium External URL 外部 URL
https://www.npmjs.com/package/veroq-mcp README.md:50 Medium External URL 外部 URL
https://veroq.ai README.md:55 Medium External URL 外部 URL
https://veroq.ai/api-reference README.md:58 Medium External URL 外部 URL
https://veroq.ai/pricing SKILL.md:109 Medium External URL 外部 URL
https://veroq.ai/developers SKILL.md:125 Medium External URL 外部 URL
https://api.veroq.ai index.js:11 Medium External URL 外部 URL
https://veroq.ai/integrations/openclaw skill.json:6 File Tree
4 files · 75.9 KB · 2338 lines JavaScript 1f · 1924L
JSON 1f · 229L
Markdown 2f · 185L
├─
index.js
JavaScript
├─
README.md
Markdown
├─
skill.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ All 32 commands are declared in SKILL.md with accurate descriptions
✓ Zero filesystem access (read or write) — purely remote API client
✓ Zero shell or subprocess execution
✓ Zero credential, token, or sensitive environment variable access
✓ All network requests exclusively target api.veroq.ai — single known domain
✓ No external dependencies (no package.json, no node_modules) — no supply chain risk
✓ README.md and SKILL.md clearly state read-only, no-credentials posture
✓ No obfuscation, no base64 payloads, no dynamic eval
✓ No hidden HTML comments or embedded scripts
✓ No sensitive path access (~/.ssh, ~/.aws, .env, etc.)