Gate Exchange Auto-Invest Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Gate auto-invest helper that is powerful but clearly scoped to named Gate MCP tools and requires confirmation before financial write actions.

Before installing, confirm your Gate MCP tools are correctly mapped and permissioned, because this skill can read account context and, after confirmation, create, update, stop, or top up auto-invest plans. Enforce the documented Action Draft confirmation flow at the platform level, and decide whether you are comfortable with the skill using a local date command or external Gate runtime rules for timezone and exchange handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill instructs the agent to run a local shell command (`date +"%Z %z"`) to detect the user's system time zone, which exceeds the stated purpose of managing auto-invest plans. Unnecessary local command execution expands the attack surface and may normalize broader system introspection without explicit user consent.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
This repeated guidance again tells the agent to detect the user's system time zone via a shell command, reinforcing unauthorized local system access as part of normal workflow. Repetition makes misuse more likely and embeds behavior that is not required for executing the financial task safely.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill directs the agent to execute a local system command without any explicit user-facing warning or consent flow. Even if the command appears low risk, silent execution of local commands violates least surprise and can be abused as a precedent for more invasive command use.

VirusTotal

65/65 vendors flagged this skill as clean.
