Security audit

Gate Exchange Assets

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only Gate balance checker that handles sensitive financial account data but discloses that purpose and does not include executable code or hidden persistence.

Install only if you want an agent to read and summarize your Gate balances and holdings from the configured MCP session. Use least-privilege read-only Gate API keys, avoid write permissions, and phrase requests with explicit Gate context when you do not want generic balance questions to query this account.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The specification requires an API key for account-level reads but does not explicitly warn that these calls access sensitive financial data across multiple accounts. In a cross-account asset aggregation skill, this omission can cause users or integrators to underestimate the sensitivity of the requested permissions and the privacy impact of exposing balances and holdings.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.