Scan Report
5/100
ve-exchange-rates
Get Venezuelan exchange rates - BCV official rate, Binance P2P USDT average, and the gap between them
Legitimate exchange rate fetcher using only standard library HTTP requests and documented subprocess for math operations.
Safe to install
No action needed - the skill is safe to use as a standard financial data aggregator.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access in code |
| Network | READ | READ | ✓ Aligned | HTTP GET/POST to bcv.org.ve, Binance P2P API, exchangerate-api.com |
| Shell | NONE | NONE | — | subprocess.call only to 'bc' calculator, documented |
| Environment | NONE | NONE | — | No os.environ access |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
| Skill Invoke | NONE | NONE | — | No skill invocation |
3 findings
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://www.bcv.org.ve/ | scripts/get_rates.py:10 |
| Medium | External URL | https://p2p.binance.com/bapi/c2c/v2/friendly/c2c/adv/search | scripts/get_rates.py:11 |
| Medium | External URL | https://api.exchangerate-api.com/v4/latest/USD | scripts/get_rates.py:12 |
File Tree
4 files · 8.3 KB · 230 lines
Python 1 file · 168 lines
Markdown 1 file · 53 lines
JSON 1 file · 5 lines
Shell 1 file · 4 lines
├─ scripts
│  ├─ get_rates.py (Python)
│  └─ get-rates.sh (Shell)
├─ _meta.json (JSON)
└─ SKILL.md (Markdown)
Security Positives
✓ Uses only Python standard library (urllib.request, subprocess, json, re)
✓ All network endpoints declared in SKILL.md: bcv.org.ve, p2p.binance.com, exchangerate-api.com
✓ subprocess usage limited to 'bc -l' calculator for decimal math, documented
✓ No credential harvesting or sensitive file access
✓ No obfuscation, base64 encoding, or suspicious patterns
✓ No data exfiltration beyond necessary exchange rate data
✓ Clean codebase with straightforward financial data aggregation logic
✓ Shell wrapper is a thin pass-through to Python implementation