扫描报告
5 /100
Bitpanda v2
Skill per Gestione Portafoglio - retrieves wallet balances, trades, and prices from Bitpanda API
Legitimate Bitpanda portfolio management skill with no security issues - uses curl/jq for API calls and only communicates with the official bitpanda.com API.
可以安装
This skill is safe to use. All behavior aligns with the documentation.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file operations in implementation |
| 网络访问 | READ | READ | ✓ 一致 | Only calls https://api.bitpanda.com |
| 命令执行 | WRITE | WRITE | ✓ 一致 | Uses curl for API calls, documented in SKILL.md |
| 环境变量 | READ | READ | ✓ 一致 | Reads BITPANDA_API_KEY, documented in SKILL.md |
| 技能调用 | NONE | NONE | — | No skill chaining |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
4 项发现
中危 外部 URL 外部 URL
https://developers.bitpanda.com/ SKILL.md:22 中危 外部 URL 外部 URL
https://developer.bitpanda.com/ SKILL.md:135 中危 外部 URL 外部 URL
https://stedolan.github.io/jq/ SKILL.md:184 中危 外部 URL 外部 URL
https://api.bitpanda.com scripts/bitpanda.sh:11 目录结构
2 文件 · 14.7 KB · 521 行 Shell 1f · 270L
Markdown 1f · 251L
├─
▾
scripts
│ └─
bitpanda.sh
Shell
└─
SKILL.md
Markdown
依赖分析 2 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
curl | system | system | 否 | Standard CLI tool for HTTP requests |
jq | system | system | 否 | Standard CLI tool for JSON parsing |
安全亮点
✓ All network requests go to legitimate bitpanda.com API only
✓ No credential exfiltration - API key is used locally to authenticate requests
✓ No obfuscation or base64 encoding detected
✓ No hidden functionality - code matches documentation
✓ Clear error handling without suspicious error message patterns
✓ No file system writes or reads to sensitive paths
✓ No reverse shell, C2, or data theft capabilities
✓ Pagination is implemented safely with loop limits
✓ Dependencies (curl, jq) are standard system tools, not malicious packages