Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Gate Exchange Account and Asset Manager
v1.0.3
Gate multi-account asset manager L2 skill. Use when the user asks to check total assets combined with margin/liquidation risk or earnings snapshots. Triggers...
by Gate @gate-exchange
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description and SKILL.md consistently describe a multi-account Gate exchange asset manager that aggregates many read tools and exposes a small set of guarded writes; the requested MCP toolset matches the stated capabilities.
Instruction Scope
SKILL.md is instruction-only and explicitly documents which read/write MCP tools to call and strict confirmation guards for writes. It also directs the agent to an external 'gate-runtime-rules.md' on GitHub — legitimate for governance, but worth verifying the referenced document and that the agent will not be allowed to call tools outside the listed set.
Install Mechanism
No install spec and no code files: the skill is instruction-only. That lowers filesystem risk because nothing is downloaded or executed locally by the skill package itself.
Credentials
The SKILL.md and README state an API key/OAuth2 is required and that unified-account write permissions (cex_unified_create_unified_loan, etc.) are used. However the registry metadata lists no required env vars, no primary credential, and no config paths. This mismatch (no declared credential while the skill needs sensitive exchange keys and write permissions) is disproportionate and unexplained.
Persistence & Privilege
always:false (default) and autonomous invocation allowed — normal for skills. The skill can perform high-impact write operations, but it documents strong confirmation and single-use confirmation guards. Combined with the missing credential declaration, the write capability increases risk if the confirmation flow is not actually enforced by the runtime.
What to consider before installing
Do not install or enable this skill until you resolve the credential mismatch. Specifically:
1) Confirm with the publisher how authentication is delivered to the skill (which env var or primaryEnv will hold the Gate API key / OAuth token) and verify that only Gate credentials are required.
2) Ensure the skill will be run in read-only mode until you explicitly supply an API key, and prefer to test initial runs with a key that has read-only permissions.
3) Verify the runtime actually enforces the documented confirmation flow for all write actions (single-use confirmations, re-confirm on parameter change).
4) Inspect or trust the referenced 'gate-runtime-rules.md' (the external GitHub link) before allowing the skill to call MCP tools.
5) If you plan to grant an API key with Unified:Write permissions, consider limiting exposure (minimum necessary scopes, time-limited key, or separate account) because those writes can borrow/set collateral/alter leverage.
If the publisher cannot explain the missing required-env declaration, treat the skill as untrusted.
Like a lobster shell, security has layers — review code before you run it.
latestvk97awnhkwse1ps8a400dwja24n842ah2
