Security audit

gate-news-communityscan

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only crypto community-sentiment reporter that queries Gate-News/X-Twitter data and does not request credentials, persistence, or local system access.

Install this only if you want X/Twitter-focused crypto sentiment summaries and trust the Gate-News MCP server it queries. Treat the output as informational community sentiment, not investment advice or a complete market/news analysis; for ambiguous requests, route explicitly to the appropriate Gate skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger scenarios are broad enough that ordinary user phrasing like 'what are people saying' or 'overall market sentiment' could invoke this skill when the user may have intended a different capability. In an agentic environment, ambiguous routing can cause unintended tool use, misleading outputs, and bypass of more appropriate skills, even though the tools here are read-only.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The manifest description contains vague phrases such as 'what are people saying' and 'opinion on a coin or topic,' which overlap heavily with normal conversation and adjacent skills. That increases the chance of accidental activation and misrouting, especially when upstream orchestration relies on description text for selection.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.