ClawHub

Gate Exchange Assets

v1.0.5

Gate multi-account asset and balance query skill. Use when the user asks to check total assets, account balance, or specific coin holdings across all account...

0· 325·0 current·0 all-time
byGate@gate-exchange
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, declared MCP tools, and required env vars (GATE_API_KEY, GATE_API_SECRET) all align with a multi-account, read-only Gate balance query. The listed permission scopes map to Gate read-only capabilities (Spot, Margin, Wallet, Earn, etc.) and are expected for the described aggregation.
Instruction Scope
SKILL.md limits actions to documented MCP read tools and explicitly forbids writes, asking users to rely on a configured local Gate MCP session and not to paste secrets into chat. This is appropriately scoped, but it does assume a trusted local MCP environment that has access to the provided API credentials (i.e., the skill will read those env vars at runtime).
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest persistence/install risk. All runtime behavior is described in included docs.
Credentials
Only two environment variables (API key and secret) are required and declared; both are appropriate and necessary for Gate API reads. PrimaryEnv is correctly set to GATE_API_KEY. The permission scopes requested are read-only and justified.
Persistence & Privilege
always is false and there is no install or modifications to host configuration. The skill requires runtime access to environment credentials but does not request persistent system changes or cross-skill config writes.
Assessment
This skill appears coherent and read-only, but before installing: 1) Only provide Gate API credentials that have minimal read-only scopes; do not paste secrets into chat — provision them to the agent/MCP out-of-band. 2) Verify the local MCP deployment and host are trusted because the skill will use environment-stored keys at runtime. 3) Confirm the skill source (inspect the linked GitHub repo) if you need provenance assurance. 4) Consider creating a scoped, low-privilege API key to test functionality and rotate keys after use. 5) Be aware the agent can invoke skills when permitted — if you allow autonomous invocation, the skill could query balances automatically using the provided credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97acc2efq4c50rthjgy4wcaws84edwp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvGATE_API_KEY, GATE_API_SECRET
Primary envGATE_API_KEY

Comments