Skill v1.0.3

ClawScan security

Gate DEX Market · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Apr 7, 2026, 10:32 AM)

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill largely matches a read-only market-data purpose but contains inconsistent metadata and instructions that create and store API credentials (including a hard-coded secret) in the user home directory — this mismatch and persistence of sensitive credentials is suspicious and worth caution before installation.
Guidance
Before installing or enabling this skill:

- Be aware it will create and read a persistent config file at ~/.gate-dex-openapi/config.json and may auto-write default API credentials there on first run. That file contains an API secret by default in the package; you should not rely on repository-stored secrets.
- If you only want read-only behavior and to avoid storing secrets, prefer using MCP mode (no credentials) and avoid triggering OpenAPI mode.
- If you must use OpenAPI mode, replace the default AK/SK with your own credentials and verify the keys' permissions and provenance; consider creating keys with minimal scope and revoking the default ones.
- Review the helper script (scripts/gate-api-call.py) and the default credential strings locally; confirm the openapi endpoint (https://openapi.gateweb3.cc) is expected and trusted.
- Because the metadata did not declare the config path or credentials, treat the package as untrusted until you confirm the origin and rotate or remove any credentials written to your home directory.
Findings
[hardcoded-default-credentials] unexpected: The helper script and several docs include DEFAULT_AK and DEFAULT_SK strings. The script will fall back to these values if ~/.gate-dex-openapi/config.json is absent and references them as 'public default credentials'. Embedding and auto-deploying a secret key in user home is sensitive and not expected for a metadata-free, read-only routing skill.

Review Dimensions

Purpose & Capability
note: The skill claims to be a read-only Gate DEX market-data routing layer (MCP preferred, OpenAPI optional). MCP mode requires no credentials, which matches the description. However, the package also includes an OpenAPI mode that reads/writes a per-user config at ~/.gate-dex-openapi/config.json and embeds default AK/SK in code/docs. The registry metadata lists no required config paths or credentials, which is inconsistent with the skill instructions that explicitly require and manage an OpenAPI credential file in the user's home directory.
Instruction Scope
concern: SKILL.md and references explicitly instruct the agent to read/create ~/.gate-dex-openapi/config.json, write default credentials if missing, and to use a bundled helper script that reads that file. The OpenAPI shared docs mandate executing an environment-detection step 'every time the skill is triggered' and automatically creating a config file with default credentials; this expands scope to persistent filesystem writes in the user's home and mandatory credential-handling steps beyond pure query routing.
Install Mechanism
ok: There is no remote install/download mechanism; the package is instruction-plus-local-scripts only. The included install.sh is an interactive local installer that writes small helper files (e.g., CLAUDE.md) in the workspace. No external archives, URL downloads, or execution of code fetched from remote third-party servers are present.
Credentials
concern: The skill package contains hard-coded default API credentials (DEFAULT_AK and DEFAULT_SK) inside scripts and explicitly recommends creating/writing a config file with them to the user's home. Yet the skill declares no required env vars/config paths or primary credential in the metadata. Storing and using a secret key from the repository (and auto-writing it into ~/.gate-dex-openapi/config.json) is a disproportionate and sensitive capability for a read-only market-data skill and should be justified before use.
Persistence & Privilege
concern: The skill will persist configuration in the user's home directory (~/.gate-dex-openapi/config.json), potentially on first run, and will read/write that file on subsequent invocations. It does not request 'always: true', but it does mandate an environment-detection step on every trigger and will create persistent files and helper docs in workspace/home. This persistent storage of credentials and mandatory runtime step increases the skill's long-term footprint.