Back to skill

Security audit

Gate Exchange Unified Account

Security checks across malware telemetry and agentic risk

Overview

This Gate unified-account skill is a disclosed financial operations helper with strong confirmation gates and no hidden installer or persistence behavior in the reviewed artifacts.

Install only if you intend to let an agent use your Gate MCP session for unified-account operations. Use API keys scoped to the documented Unified read/write permissions, review every Action Draft carefully, and do not confirm borrowing, repayment, leverage, mode, or collateral changes unless the amount and target are exactly what you want.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes generic phrases like account mode, borrow now, repay loan, and set leverage, which can cause the skill to activate on loosely related requests. In a skill capable of financial mutations, over-broad invocation increases the chance of the assistant entering a high-risk workflow in the wrong context, even if later confirmation guardrails exist.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.