veroq 安全扫描报告 — 可信 | ClawSafe

0 /100

veroq

Verified AI intelligence — fact-checks LLM output, provides market/trading data via api.veroq.ai

VeroQ is a clean, read-only intelligence API client that makes no filesystem writes, shell executions, credential accesses, or any other privileged operations. All network traffic goes exclusively to api.veroq.ai with no credential transmission.

技能名称veroq

分析耗时25.0s

引擎pi

✓

可以安装

This skill is safe to use as-is. No action required.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No filesystem operations found in index.js
网络访问	`READ`	`READ`	✓ 一致	All fetch() calls target https://api.veroq.ai exclusively (lines 11, 55, 104, 14…
命令执行	`NONE`	`NONE`	—	No exec, spawn, child_process, or shell command invocations
环境变量	`NONE`	`NONE`	—	No process.env access or environment variable reads
技能调用	`EXECUTE`	`EXECUTE`	✓ 一致	32 command handlers mapped in module.exports
剪贴板	`NONE`	`NONE`	—	No clipboard API usage
浏览器	`NONE`	`NONE`	—	No browser automation (Puppeteer, Playwright, etc.)
数据库	`NONE`	`NONE`	—	No database connections or ORM usage

7 项发现

🔗

中危外部 URL 外部 URL

https://www.npmjs.com/package/veroq-mcp

README.md:50

🔗

中危外部 URL 外部 URL

https://veroq.ai

README.md:55

🔗

中危外部 URL 外部 URL

https://veroq.ai/api-reference

README.md:58

🔗

中危外部 URL 外部 URL

https://veroq.ai/pricing

SKILL.md:109

🔗

中危外部 URL 外部 URL

https://veroq.ai/developers

SKILL.md:125

🔗

中危外部 URL 外部 URL

https://api.veroq.ai

index.js:11

🔗

中危外部 URL 外部 URL

https://veroq.ai/integrations/openclaw

skill.json:6

目录结构

4 文件 · 75.9 KB · 2338 行

JavaScript 1f · 1924L JSON 1f · 229L Markdown 2f · 185L

├─ 📜 index.js JavaScript 1924L · 60.1 KB

├─ 📝 README.md Markdown 59L · 2.1 KB

├─ 📋 skill.json JSON 229L · 8.4 KB

└─ 📝 SKILL.md Markdown 126L · 5.4 KB

安全亮点

✓ All 32 commands are declared in SKILL.md with accurate descriptions

✓ Zero filesystem access (read or write) — purely remote API client

✓ Zero shell or subprocess execution

✓ Zero credential, token, or sensitive environment variable access

✓ All network requests exclusively target api.veroq.ai — single known domain

✓ No external dependencies (no package.json, no node_modules) — no supply chain risk

✓ README.md and SKILL.md clearly state read-only, no-credentials posture

✓ No obfuscation, no base64 payloads, no dynamic eval

✓ No hidden HTML comments or embedded scripts

✓ No sensitive path access (~/.ssh, ~/.aws, .env, etc.)