Scan Report
5/100
decker
Decker AI trading platform Slack/Telegram bot integration — signals, portfolio, orders, auto-order rules, news digest, Slack/Telegram integration
Pure documentation skill (no executable code) providing a Slack/Telegram bot interface for a crypto trading platform. All credential handling (OPENCLAW_SECRET) is properly declared and used only as an HTTP header for internal API calls. No malicious indicators found.
OK to install
Skill is safe to use as delivered. Since no code exists to audit, the trust relies entirely on the Decker platform's backend security. Ensure the OPENCLAW_SECRET is stored securely and not exposed through logs.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access declared or implied |
| Network access | READ | READ | ✓ Consistent | SKILL.md uses web_fetch GET calls to api.decker-ai.com only |
| Command execution | NONE | NONE | — | No subprocess, Bash, or shell execution references found |
| Environment variables | READ | READ | ✓ Consistent | OPENCLAW_SECRET is declared in metadata.config and used in HTTP headers |
| Skill invocation | NONE | NONE | — | No skill_invoke capability declared; references decker-hyperliquid and decker-po… |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser tool usage |
| Database | NONE | NONE | — | No database access |
13 findings
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | `https://decker-ai.com` | SKILL.md:34 |
| Medium | External URL | `https://decker-ai.com/decker-link` | SKILL.md:34 |
| Medium | External URL | `https://decker-ai.com/decker-link-telegram` | SKILL.md:34 |
| Medium | External URL | `https://api.decker-ai.com` | SKILL.md:127 |
| Medium | External URL | `https://decker-ai.com**` | SKILL.md:192 |
| Medium | External URL | `https://decker-ai.com/decker-link**` | SKILL.md:192 |
| Medium | External URL | `https://decker-ai.com/decker-link-telegram**` | SKILL.md:192 |
| Medium | External URL | `https://.../order-request?slack_user_id=...&openclaw_secret=...` | SKILL.md:196 |
| Medium | External URL | `https://api.decker-ai.com**` | SKILL.md:284 |
| Medium | External URL | `https://api.decker-ai.com/api/v1/system/health` | SKILL.md:374 |
| Medium | External URL | `https://api.decker-ai.com/api/v1/link/slack/order-request?slack_user_id=` | SKILL.md:422 |
| Medium | External URL | `https://backend-production.../order-request?openclaw_secret=...` | SKILL.md:509 |
| Medium | External URL | `https://api.decker-ai.com/api/v1/link/slack/order-request?slack_user_id=...&openclaw_secret=...` | SKILL.md:521 |
Directory structure
4 files · 40.7 KB · 725 lines (Markdown: 4 files, 725 lines)
├─ references
│  ├─ API_QUICK.md (Markdown)
│  └─ QUESTIONS_LIST.md (Markdown)
├─ SKILL.md (Markdown)
└─ USER_GUIDE.md (Markdown)
Security highlights
✓ No executable code: entire skill is Markdown documentation, eliminating runtime execution risk
✓ OPENCLAW_SECRET credential properly declared in metadata.config with secret:true
✓ Documentation explicitly forbids exposing API URLs, backend URLs, or secrets to users
✓ web_fetch usage is limited to GET requests only to api.decker-ai.com (declared)
✓ No subprocess, shell execution, base64, eval, or obfuscation patterns found
✓ No sensitive path access (~/.ssh, ~/.aws, .env) or credential harvesting
✓ No remote script execution (curl|bash, wget|sh) or supply chain dependencies
✓ Clear and well-structured documentation with explicit safety rules