Gate Exchange Affiliate Program Skill
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: gate-exchange-affiliate Version: 1.0.5 The skill bundle is a legitimate assistant for Gate Exchange affiliates to query commission and performance data. It follows security best practices by explicitly forbidding the agent from asking for API secrets in chat, enforcing read-only access (Rebate:Read), and providing detailed instructions on data privacy and correct API parameter usage (e.g., distinguishing between partner and trader UIDs). No indicators of data exfiltration, malicious execution, or prompt injection were found across SKILL.md, gate-runtime-rules.md, or mcp.md.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can query authenticated Gate partner rebate information through your configured API key.
The skill uses Gate account API credentials to access affiliate/partner rebate data. This is expected for the stated purpose and is scoped to read access, but it is still account-linked authority.
required_credentials:\n - gate_api_key\n - gate_api_secret\nrequired_permissions:\n - Rebate:Read
Use a dedicated Gate API key limited to Rebate:Read, keep the secret out of chat, and rotate the key if you no longer need the skill.
Your affiliate data is accessed through the configured Gate MCP server, so a misconfigured or untrusted MCP setup could affect privacy.
The skill relies on a local Gate MCP session as the intermediary for authenticated API calls. The dependency is disclosed and bounded to listed read-only tools, but the user should trust the local MCP deployment.
Credentials Source: Local Gate MCP deployment (`GATE_API_KEY`, `GATE_API_SECRET`)
Use the official or trusted Gate MCP configuration only, verify the available tools are limited to the documented rebate read operations, and avoid pasting secrets into chat.