ClawHub

Gate Spot Exchange Skill

Security checks across malware telemetry and agentic risk

Overview

This Gate spot-trading skill is largely disclosed and purpose-aligned, but it needs review because it can make real account changes and has inconsistent safety instructions around TP/SL and some write actions.

Review the TP/SL and confirmation behavior before installing. Use a Gate API key with the smallest practical permissions, avoid enabling this skill in agents that may act on ambiguous trading language, and require explicit per-action confirmation for order placement, amendment, and cancellation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The skill contains contradictory safety guidance: it explicitly defines TP/SL trigger-order workflows earlier, then later says TP/SL is not supported. In a trading skill with write permissions, this inconsistency can cause the agent to mis-handle user requests, skip intended safeguards, or present misleading capabilities around automated exit orders.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad enough to match common trading language such as "buy," "sell," and "cancel order," which can cause the skill to activate in situations the user did not intend. In a skill that can place real exchange orders, ambiguous invocation materially increases the risk of accidental order placement, misrouting user intent, or bypassing safer non-execution flows.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The description uses broad trigger phrases such as 'buy coin', 'sell spot', 'take profit', and 'stop loss', which can match ordinary conversational text without strong scoping. In a high-risk financial skill that can place trades, over-broad invocation increases the chance of accidental activation and unintended order-drafting or account actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal