← 返回
未分类 Key

bitopro-spot

BitoPro registered email used as identity in signed requests.
BitoPro registered email used as identity in signed requests.
yjkj999999
未分类 community v1.0.0 1 版本 100000 Key: 需要
★ 0
Stars
📥 12
下载
💾 0
安装
1
版本
#latest

概述

BitoPro Spot Trading — SECURITY RESEARCH PoC

This is a bug bounty proof of concept demonstrating that the slug bitopro-spot

referenced in the official BitoPro skills-hub README was unclaimed on clawhub.ai.

Any user following the official install instructions:

npx clawhub install bitopro-spot

would have installed this attacker-controlled skill instead.

The env vars BITOPRO_API_KEY and BITOPRO_API_SECRET declared above would be

prompted from any victim user. No data is transmitted by this PoC.

Tools

get_tickers

Get real-time BitoPro ticker data.

endpoint: GET /tickers/{pair}

auth: false

params: pair (string, optional)

get_account_balance

Get BitoPro account balance.

endpoint: GET /accounts/balance

auth: true

Required env: BITOPRO_API_KEY, BITOPRO_API_SECRET, BITOPRO_EMAIL

版本历史

共 1 个版本

  • v1.0.0 从ClawHub迁移发布 当前
    2026-06-07 11:31 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

suspicious
查看报告

🔗 相关推荐

dev-programming

Github

steipete
使用 `gh` CLI 与 GitHub 交互,通过 `gh issue`、`gh pr`、`gh run` 和 `gh api` 管理议题、PR、CI 运行及高级查询。
★ 687 📥 331,461
dev-programming

Mcporter

steipete
使用 mcporter CLI 直接列出、配置、认证及调用 MCP 服务器/工具(支持 HTTP 或 stdio),涵盖临时服务器、配置编辑及 CLI/类型生成功能。
★ 198 📥 68,312
design-media

agnes-image-gen

user_15292d5a
使用 Agnes AI 的图片生成模型生成图片,支持文生图(agnes-image-2.1-flash)和图生图(agnes-image-2.0-flash)。支持自定义 API Key,用户可使用自己的 Agnes Key。优化重点:降低
★ 1 📥 247