kelly-formula-crypto 安全扫描报告 — 可信 | ClawSafe

0 /100

kelly-formula-crypto

Kelly Formula position size calculator for crypto trading with x402 payment support

A legitimate Kelly Formula crypto trading calculator with transparent x402 payment integration, no hidden functionality, and no security concerns.

技能名称kelly-formula-crypto

分析耗时26.7s

引擎pi

✓

可以安装

This skill is safe to use. The x402 payment mechanism and API endpoint are properly documented.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No filesystem operations in kelly_calculator.py
网络访问	`READ`	`READ`	✓ 一致	x402 payment endpoint declared in SKILL.md line 15
命令执行	`NONE`	`NONE`	—	No subprocess or shell execution
环境变量	`NONE`	`NONE`	—	No os.environ access
技能调用	`NONE`	`NONE`	—	No skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database operations

7 项发现

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/License-MIT-yellow.svg

README.md:10

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/Python-3.8+-blue.svg

README.md:11

🔗

中危外部 URL 外部 URL

https://www.python.org/

README.md:11

🔗

中危外部 URL 外部 URL

https://api.x402.dev/pay

README.md:36

💰

中危钱包地址加密货币钱包地址

0x24b288c98421d7b447c2d6a6442538d01c5fce22

README.md:39

🔗

中危外部 URL 外部 URL

https://x.com/KKaWSB/status/1968453490084299020

README.md:195

🔗

中危外部 URL 外部 URL

https://kelly-formula-crypto.vercel.app/api/calculate

SKILL.md:15

目录结构

4 文件 · 15.6 KB · 636 行

Markdown 2f · 403L Python 1f · 232L Text 1f · 1L

├─ ▾ 📁 scripts

│ └─ 🐍 kelly_calculator.py Python 232L · 6.9 KB

├─ 📝 README.md Markdown 209L · 4.3 KB

├─ 📄 requirements.txt Text 1L · 36 B

└─ 📝 SKILL.md Markdown 194L · 4.3 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`Standard library only`	`N/A`	built-in	否	Uses only argparse, json, and typing modules

安全亮点

✓ Clean, straightforward Python implementation with no obfuscation

✓ All network operations declared in SKILL.md (x402 payment endpoint)

✓ Payment wallet address clearly documented for transparency

✓ No subprocess, shell execution, or system command calls

✓ No credential harvesting or environment variable access

✓ No data exfiltration or C2 communication

✓ No base64 encoding or code obfuscation

✓ No sensitive file/path access

✓ Dependencies are standard library only (argparse, json, typing)

✓ Source code matches documented functionality exactly