Back to skill

Security audit

Gate Exchange Spot Demo

Security checks across malware telemetry and agentic risk

Overview

This skill is for real Gate spot trading and is mostly transparent, but it needs careful review because it can use write-capable exchange credentials and delegates runtime rules to an unpinned remote file.

Install only if you intend to let an agent assist with a real Gate spot account. Verify the publisher and MCP server independently, inspect or pin the remote runtime-rules file, use a limited API key with no withdrawal permission, and require clear confirmation for every order, trigger order, amendment, and cancellation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The skill contains contradictory safety guidance: it explicitly supports trigger-based TP/SL workflows in multiple sections, then later states TP/SL is not supported. In a trading skill with write-capable tools, this inconsistency can cause the agent to mishandle risk-management requests, misinform the user, or skip the intended safeguard flow for conditional orders.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are broad enough to match common trading language such as 'buy', 'sell', or 'cancel order', which can cause this high-risk execution skill to activate in contexts that are ambiguous or only informational. Because the skill can perform account queries and real spot-order workflows, overbroad invocation increases the chance of unintended order-drafting, order-management actions, or progression toward real trade execution in response to loosely phrased user input.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are overly broad for a high-risk financial skill, so ordinary conversation fragments like 'buy coin' or 'cancel order' may activate trading logic unintentionally. In a skill that can place and cancel real spot orders, accidental routing increases the chance of unauthorized or mistaken financial actions, even if later confirmation is still required.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.