中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:22 小时前 重新扫描
5 /100
spraay
Payment infrastructure for AI agents - batch crypto payments, x402 micropayment gateway, agent-to-agent USDC settlement, multi-chain payroll, Bitcoin PSBT transactions, and robot task commissioning via RTP
Spraay is a legitimate payment infrastructure skill with no malicious behavior detected. All operations are properly documented, and network calls exclusively target the declared gateway.spraay.app endpoint.
技能名称spraay
分析耗时35.8s
引擎pi
可以安装
Approve for use. The skill performs standard payment gateway operations through documented curl commands with no credential harvesting, data exfiltration, or obfuscation.
资源类型声明权限推断权限状态证据
网络访问 READ READ ✓ 一致 bins: [curl] in SKILL.md
文件系统 NONE READ ✓ 一致 scripts/spraay.sh:79 - ipfs-pin reads files via base64 for legitimate IPFS funct…
命令执行 NONE WRITE ✓ 一致 scripts/spraay.sh is a wrapper script; shell execution is limited to curl comman…
10 项发现
🔗
中危 外部 URL 外部 URL
https://spraay.app
SKILL.md:25
🔗
中危 外部 URL 外部 URL
https://gateway.spraay.app
SKILL.md:47
💰
中危 钱包地址 加密货币钱包地址
0x1646452F98E36A3c9Cfc3eDD8868221E207B5eEC
SKILL.md:61
💰
中危 钱包地址 加密货币钱包地址
0xAd62f03C7514bb8c51f1eA70C2b75C37404695c8
SKILL.md:217
🔗
中危 外部 URL 外部 URL
https://docs.spraay.app
SKILL.md:222
🔗
中危 外部 URL 外部 URL
https://x.com/Spraay_app
SKILL.md:225
🔗
中危 外部 URL 外部 URL
https://warpcast.com/plag
SKILL.md:226
🔗
中危 外部 URL 外部 URL
https://mempool.space/tx/abc123...
references/bitcoin-psbt.md:71
🔗
中危 外部 URL 外部 URL
https://agent.example.com/webhook/task-complete
references/rtp-protocol.md:72
💰
中危 钱包地址 加密货币钱包地址
0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
references/x402-gateway.md:14

目录结构

6 文件 · 28.7 KB · 990 行
Markdown 5f · 817L Shell 1f · 173L
├─ 📁 references
│ ├─ 📝 batch-payments.md Markdown 122L · 3.2 KB
│ ├─ 📝 bitcoin-psbt.md Markdown 129L · 2.8 KB
│ ├─ 📝 rtp-protocol.md Markdown 149L · 3.9 KB
│ └─ 📝 x402-gateway.md Markdown 191L · 5.4 KB
├─ 📁 scripts
│ └─ 🔧 spraay.sh Shell 173L · 5.0 KB
└─ 📝 SKILL.md Markdown 226L · 8.3 KB

安全亮点

✓ All network requests target declared gateway.spraay.app endpoint only
✓ No credential harvesting or environment variable iteration for sensitive keys
✓ No obfuscation techniques (base64, eval, atob) beyond standard file encoding for IPFS
✓ No remote script execution (curl|bash, wget|sh)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No reverse shell, C2, or data exfiltration to external IPs
✓ Bitcoin operations are non-custodial (PSBT keeps private keys client-side)
✓ Payment protocol uses x402 standard with USDC on Base via Coinbase CDP
✓ Full endpoint catalog documented with transparent pricing
✓ Open-source references provided (github.com/plagtech)