Gate Exchange Affiliate Program Skill

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a coherent read-only Gate affiliate reporting skill, but it does require a Gate API key and secret with rebate read access.

Before installing, confirm you intend to let the agent read your Gate partner affiliate data, configure only a least-privilege Rebate:Read API key, and use a trusted local Gate MCP setup. The artifacts do not show hidden code, persistence, writes, or secret exfiltration.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can query authenticated Gate partner rebate information through your configured API key.

Why it was flagged

The skill uses Gate account API credentials to access affiliate/partner rebate data. This is expected for the stated purpose and is scoped to read access, but it is still account-linked authority.

Skill content

required_credentials:
  - gate_api_key
  - gate_api_secret
required_permissions:
  - Rebate:Read

Recommendation

Use a dedicated Gate API key limited to Rebate:Read, keep the secret out of chat, and rotate the key if you no longer need the skill.

What this means

Your affiliate data is accessed through the configured Gate MCP server, so a misconfigured or untrusted MCP setup could affect privacy.

Why it was flagged

The skill relies on a local Gate MCP session as the intermediary for authenticated API calls. The dependency is disclosed and bounded to listed read-only tools, but the user should trust the local MCP deployment.

Skill content

Credentials Source: Local Gate MCP deployment (`GATE_API_KEY`, `GATE_API_SECRET`)

Recommendation

Use the official or trusted Gate MCP configuration only, verify the available tools are limited to the documented rebate read operations, and avoid pasting secrets into chat.