Back to skill
Skillv1.0.3
VirusTotal security
Gate DEX Trade · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:07 AM
- Hash
- 9ecf35576594af4f8b18a0da298bec144d5907cf6885be6e7f1c96afeb491f38
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gate-dex-trade Version: 1.0.3 This skill bundle is classified as suspicious due to its high-risk handling of sensitive credentials and aggressive installation behavior. The install.sh script modifies global and project-level AI configuration files (e.g., ~/.cursor/mcp.json, CLAUDE.md, AGENTS.md) to hijack agent routing and prioritize this skill. Additionally, the instructions in SKILL.md and references/sign.md direct the AI to solicit raw private keys from users for local transaction signing via provided scripts (sign-tx-evm.py, sign-tx-sol.js). The skill also relies on non-standard domains (gatemcp.ai, gateweb3.cc) and the execution of local pre-built binaries for transaction 'check-ins.' While these features are functionally relevant to the stated purpose of trade execution, the persistent configuration changes and the promotion of insecure credential handling practices represent significant security concerns.
- External report
- View on VirusTotal