Back to skill

Security audit

Gate Exchange Dual Investment

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Gate dual-investment skill with financial account access and order placement, but the sensitive actions are purpose-aligned and confirmation-gated.

Install only if you trust the Gate MCP setup and are comfortable granting Earn:Write access to financial-product actions. Use a narrowly scoped API key when possible, do not paste secrets into chat, review every order draft carefully, and double-check minimum amounts and date ranges before relying on the skill’s financial guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill contains contradictory instructions about whether minimum investment amounts are available from the API: Scenario 3 says they are unavailable, while later scenarios rely on `min_amount` for eligibility and minimum-purchase checks. This inconsistency can cause the agent to provide fabricated, incomplete, or misleading financial guidance, especially when users ask whether they can place an order or meet product requirements.

Vague Triggers

Medium
Confidence
81% confidence
Finding
These prompt examples are broad enough that ordinary conversation about settled positions or past activity could trigger this skill without clear user intent. In a financial trading context, over-broad activation can expose account data, retrieve sensitive order history, or steer the conversation into transactional workflows the user did not explicitly request.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The settlement-record query examples use generic phrases that lack strong product or account-scope boundaries, increasing the chance of accidental activation. Because this scenario retrieves user order records over a time range and paginates through results, an unintended trigger could lead to unnecessary disclosure of financial activity or excessive data access.

Vague Triggers

Medium
Confidence
86% confidence
Finding
A generic order-placement example like this can activate a transactional workflow on underspecified intent, even when critical parameters are missing or the user may only be exploring options. In a trading skill, broad activation is more dangerous because it can move the conversation toward order submission and account-affecting actions, raising the risk of mistaken trades or premature use of trading APIs.

Vague Triggers

Medium
Confidence
86% confidence
Finding
This buy-low trigger is too vague for a skill that can ultimately place financial orders. A broad phrase may capture exploratory discussion and route the user into a purchase workflow, increasing the chance of confusion, unsafe assumptions, or accidental progression toward a real trade.

Vague Triggers

Low
Confidence
75% confidence
Finding
These examples include vague shorthand such as amount-only phrasing and generic references to 'dual,' which can over-trigger the skill for users who are not clearly asking about this specific product workflow. The impact is somewhat lower than direct order-placement triggers, but it can still cause misleading eligibility checks or unnecessary API calls in a sensitive financial context.

Vague Triggers

Low
Confidence
74% confidence
Finding
The minimum-purchase prompts are broad and do not clearly tie the request to a specific product, market, or workflow. In a financial assistant, this can lead to over-activation and potentially incorrect or irrelevant minimum-subscription guidance, especially given the document's inconsistent handling of minimum amount data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.