Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gate DEX Trade

v1.0.3

Gate DEX swap EXECUTION skill. For on-chain token exchange transactions that MODIFY blockchain state: swap, buy, sell, exchange, convert tokens, cross-chain...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet · Can make purchases · Can sign transactions · Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill is an execution-focused DEX/trade skill and includes helper scripts for API calls, allowance checks, and multi-chain signing — these are coherent with its purpose. However, the registry metadata claims no required credentials/config paths while the runtime repeatedly expects/uses an MCP token and an AK/SK config file (~/.gate-dex-openapi/config.json). That mismatch (declared 'none' vs instructions that require credentials/config) is worth noting.
! Instruction Scope
SKILL.md explicitly instructs the agent to obtain private keys (via paste, file path, or by reading workspace files/.env) for signing and to read/write user config files (e.g., ~/.gate-dex-openapi/config.json, .cursor/.mcp.json). Asking agents to read arbitrary workspace files and .env for private keys is high risk (data-exfiltration or accidental upload). The skill also requires following external runtime rules (via a GitHub URL) which the agent must fetch before any tool calls.
Install Mechanism
No package install spec is declared (instruction-only) but an install.sh is bundled and will create config files, symlink the skill into local platform skill dirs, and create routing rules. The installer writes into user home and project dirs and ships prebuilt binaries (swap-checkin-*). Executing bundled binaries and an interactive installer is plausible for this skill but raises the usual risk surface (unsigned binaries, local execution).
! Credentials
Registry lists no required env vars, but the runtime requires mcp_token (MCP mode) and/or AK/SK in ~/.gate-dex-openapi/config.json. The repo also contains example/default AK/SK values in references/_shared.md and install.sh writes a default OpenAPI config into the user's home. The skill asks for private keys and allows reading them from local files — broad access to sensitive secrets that is functional for signing, but not explicitly declared in metadata and therefore disproportionate without careful user review.
Persistence & Privilege
Skill does not request always:true and is user-invocable (normal). The installer writes persistent config and platform routing rules (e.g., .cursor/skills link, .cursor/rules, .mcp.json, opencode.json) which will increase how often the skill is considered for trading intents. That persistent integration is coherent for a trading skill but increases blast radius if misused.
What to consider before installing
This skill can perform real on-chain trades and includes scripts and an interactive installer that write config files and link the skill into local AI-platform directories. Key things to consider before installing:
- Do NOT paste or store your private keys into this workspace or into config files unless you fully trust and have inspected the signing scripts and binaries. The skill explicitly tells the agent it may read private keys from pasted text, file paths, or workspace files (.env) — that is a high-risk instruction.
- The install script will create files in your home directory (~/.gate-dex-openapi, .cursor/.mcp.json, opencode.json, etc.) and will create symlinks and routing rules that make the skill active in your local AI platforms. Expect persistent changes.
- The repo embeds example/default AK/SK values and the shared docs instruct creating a config with default keys. Using embedded or public keys may be intended as demo credentials but could result in unexpected network calls tied to shared credentials. Replace with your own keys only after reviewing gate-api-call.py.
- Review these files before running anything: scripts/gate-api-call.py, scripts/sign-tx-evm.py, scripts/sign-tx-sol.js, scripts/check-allowance.py, install.sh, and any bundled binaries (tools/tx-checkin/*). If you cannot audit binaries, run the skill in a sandboxed environment or decline installation.
- Prefer hardware wallet signing or an external, audited signer if you plan to sign mainnet transactions. If you must use local signing, test on a safe testnet and never reuse private keys used for significant funds.
Overall recommendation: only proceed if you (or someone you trust) has inspected the signing scripts and installer; otherwise treat this as potentially dangerous for secrets and system configuration.

Like a lobster shell, security has layers — review code before you run it.
