Scan Report
5 /100
YYClaw — Pay-Per-Call AI Gateway
AI model gateway with on-chain stablecoin payments for accessing Claude, Gemini, and other models
Pure documentation skill providing legitimate AI gateway access with fully declared network calls and environment variable usage for API authentication.
Safe to install
Skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md lines 96-115: curl to crypto.yyclaw.cc |
| Environment | READ | READ | ✓ Aligned | SKILL.md line 93: reads YYCLAW_API_KEY |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md lines 96-115: curl commands documented |
| Filesystem | NONE | NONE | — | No file operations in skill |
6 findings
Medium External URL 外部 URL
https://crypto.yyclaw.cc SKILL.md:9 Medium External URL 外部 URL
https://crypto.yyclaw.cc/v1/balance SKILL.md:96 Medium External URL 外部 URL
https://crypto.yyclaw.cc/v1/usage?limit=10 SKILL.md:101 Medium External URL 外部 URL
https://crypto.yyclaw.cc/v1/models SKILL.md:106 Medium External URL 外部 URL
https://crypto.yyclaw.cc/v1/chat/completions SKILL.md:111 Medium External URL 外部 URL
https://crypto.yyclaw.cc/v1 SKILL.md:124 File Tree
1 files · 4.3 KB · 164 lines Markdown 1f · 164L
└─
SKILL.md
Markdown
Security Positives
✓ Single-file documentation-only skill with no executable code
✓ All network requests confined to single declared endpoint (crypto.yyclaw.cc)
✓ Environment variable access limited to declared YYCLAW_API_KEY
✓ Shell usage (curl) appropriate for HTTP API calls and fully documented
✓ No base64, obfuscation, or suspicious patterns detected
✓ No credential exfiltration or data leakage vectors
✓ No dependencies or package files present
✓ No hidden functionality or documentation-to-code mismatch