codex-supergraph 安全扫描报告 — 可信 | ClawSafe

0 /100

codex-supergraph

Use when the user asks about token prices, charts, holders, trending tokens, pair data, prediction markets, or any on-chain analytics from Codex.

Pure documentation/reference skill providing Codex GraphQL query templates with no executable code, scripts, or hidden functionality.

技能名称codex-supergraph

分析耗时27.1s

引擎pi

✓

可以安装

Approve for use. This skill only contains Markdown reference files and documented curl examples targeting a known public API.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No file operations in any file
网络访问	`READ`	`READ`	✓ 一致	SKILL.md:36 — documents curl to https://graph.codex.io/graphql
命令执行	`NONE`	`NONE`	—	No shell scripts or subprocess calls present
环境变量	`NONE`	`READ`	✓ 一致	SKILL.md:31 — reads $CODEX_API_KEY for Authorization header only
技能调用	`NONE`	`NONE`	—	No skill invocation found
剪贴板	`NONE`	`NONE`	—	No clipboard access in any file
浏览器	`NONE`	`NONE`	—	No browser automation present
数据库	`NONE`	`NONE`	—	No database access in any file

9 项发现

🔗

中危外部 URL 外部 URL

https://graph.codex.io/graphql.

SKILL.md:6

🔗

中危外部 URL 外部 URL

https://graph.codex.io/graphql

SKILL.md:32

🔗

中危外部 URL 外部 URL

https://graph.codex.io/schema/latest.graphql

SKILL.md:34

🔗

中危外部 URL 外部 URL

https://graph.codex.io/schema/latest.json

SKILL.md:35

💰

中危钱包地址加密货币钱包地址

0x02227b8f5a9636e895607edd3185ed6ee5598ff7

references/prediction-markets.md:515

💰

中危钱包地址加密货币钱包地址

0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2

references/query-templates.md:200

💰

中危钱包地址加密货币钱包地址

0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2

references/query-templates.md:288

💰

中危钱包地址加密货币钱包地址

0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045

references/query-templates.md:327

🔗

中危外部 URL 外部 URL

https://docs.codex.io/mcp

references/tooling-and-mcp.md:10

目录结构

7 文件 · 42.6 KB · 1682 行

Markdown 7f · 1682L

├─ ▾ 📁 references

│ ├─ 📝 apis.md Markdown 80L · 2.8 KB

│ ├─ 📝 endpoint-playbook.md Markdown 79L · 5.2 KB

│ ├─ 📝 gotchas.md Markdown 106L · 4.8 KB

│ ├─ 📝 prediction-markets.md Markdown 763L · 15.9 KB

│ ├─ 📝 query-templates.md Markdown 470L · 8.0 KB

│ └─ 📝 tooling-and-mcp.md Markdown 76L · 1.1 KB

└─ 📝 SKILL.md Markdown 108L · 4.8 KB

安全亮点

✓ No executable code — skill consists entirely of Markdown documentation files

✓ No scripts, dependencies, or package files present

✓ All network calls are explicitly documented and target a single known public API endpoint

✓ No credential exfiltration or harvesting beyond reading $CODEX_API_KEY for auth header

✓ No sensitive file or path access (no ~/.ssh, ~/.aws, .env access)

✓ No obfuscation, base64 payloads, or anti-analysis techniques

✓ No supply-chain risk — no external dependencies declared

✓ Crypto wallet addresses (Ethereum, Solana) are public blockchain addresses used as documented query examples

✓ Documentation is comprehensive, internally consistent, and matches stated behavior