gate-news-eventexplain

Security checks across malware telemetry and agentic risk

Overview

This is a read-only crypto market event-explanation skill with coherent scope and no credential, install, persistence, or mutation behavior in the published artifacts.

Before installing, confirm you trust the Gate MCP servers and that the referenced shared runtime rule files are present and trusted in your agent environment. Treat the output as market commentary, not investment advice, and expect uncertainty when no single event clearly explains a price move.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 75% confidence
Finding: The trigger phrases include broad conversational language like 'what just happened' and 'what caused', which can match many unrelated user requests and cause the wrong skill to activate. In an agentic system, ambiguous activation can lead to unintended tool use, incorrect routing, and responses based on irrelevant workflows, especially when combined with automatic skill selection.

Vague Triggers

Medium

Confidence: 77% confidence
Finding: The trigger scenario description is loosely defined and does not give strong exclusion criteria, so ordinary market-chat or ambiguous questions may be interpreted as requests for this workflow. That increases the chance of over-broad invocation and unnecessary data/tool calls, which is a real agent-routing security concern even when the tools are read-only.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal