Scan Report
5 /100
helius-openapi-skill
Operate Helius Wallet API reads through UXC with curated OpenAPI schema, API-key auth, and read-first guardrails
Helius Wallet API 只读技能,声明与行为一致,无恶意行为发现
Safe to install
可安全使用,建议验证 uxc 工具来源可信性
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md:15 仅声明访问api.helius.xyz |
| Environment | READ | READ | ✓ Aligned | SKILL.md:40 仅读取HELIUS_API_KEY |
| Filesystem | NONE | NONE | — | 无文件读写操作 |
| Shell | NONE | NONE | — | 仅通过uxc间接调用,无直接subprocess |
3 findings
Medium External URL 外部 URL
https://api.helius.xyz SKILL.md:15 Medium External URL 外部 URL
https://www.helius.dev/docs/api-reference/authentication SKILL.md:119 Medium External URL 外部 URL
https://www.helius.dev/docs/api-reference/wallet-api SKILL.md:120 File Tree
5 files · 18.8 KB · 670 lines JSON 1f · 422L
Markdown 2f · 194L
Shell 1f · 50L
YAML 1f · 4L
├─
▾
agents
│ └─
openai.yaml
YAML
├─
▾
references
│ ├─
helius-wallet.openapi.json
JSON
│ └─
usage-patterns.md
Markdown
├─
▾
scripts
│ └─
validate.sh
Shell
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
uxc | 未指定 | external CLI | No | 必需依赖,需确保来源holon-run/uxc可信 |
Security Positives
✓ 声明明确:read-only操作,不覆盖RPC/交易/webhooks
✓ 认证规范:使用标准X-Api-Key header
✓ OpenAPI schema验证:validate.sh检查schema结构完整性
✓ 无敏感路径访问:无~/.ssh、.env等敏感文件访问
✓ 无凭证外泄:无POST凭证到外部IP行为
✓ 无代码混淆:无base64编码或eval调用
✓ 端点范围明确:仅6个声明的只读API端点