ClawHub

Gate Exchange Coupon

v1.0.4

Gate coupon and voucher query skill. Use when the user asks about coupon balance, rules, expiry, or source. Triggers on 'my coupons', 'coupon details', 'vouc...

0· 141·0 current·0 all-time
byGate@gate-exchange
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the behavior: the skill queries coupon lists and details via Gate MCP tools. Required env vars (GATE_API_KEY, GATE_API_SECRET) are appropriate for calling Gate APIs and the declared permission is Coupon:Read. No unrelated services, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines execution to read-only MCP tools (cex_coupon_list_user_coupons, cex_coupon_get_user_coupon_detail), includes detailed formatting/output rules, and explicitly forbids requesting secrets in chat or calling undocumented tools. It does instruct using local MCP session and occasional local tooling (e.g., a small python snippet for timestamp conversion), which is consistent with the stated workflow.
Install Mechanism
Instruction-only skill with no install spec or downloads. Nothing is written to disk by the skill bundle itself; lowest install risk.
Credentials
The skill asks for GATE_API_KEY and GATE_API_SECRET which is expected for API access. Note: API secrets can sometimes enable broader actions depending on account/API key scopes configured at Gate — the skill documents a minimal Coupon:Read permission, but verify the actual API key permissions in your Gate account before provisioning.
Persistence & Privilege
always:false and default model-invocation/autonomy are used. The skill does not request permanent presence or modify other skills or system-wide settings. It also states it will not store or paste API secrets.
Assessment
This skill appears coherent and limited to read-only coupon queries on Gate. Before installing: (1) only provide API credentials via your local MCP/session configuration (do not paste keys into chat); (2) create an API key with the minimum necessary scope (Coupon:Read) in your Gate account and verify its permissions; (3) confirm you trust the local MCP deployment you will use (skill expects a configured local Gate MCP); (4) review the GitHub homepage/source if you want provenance before enabling. If you cannot confirm MCP origin or cannot restrict the API key scope, proceed cautiously or create a dedicated, limited-scope key you can revoke.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cpj06ywjr4tpmdq0khysn0984e32t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvGATE_API_KEY, GATE_API_SECRET
Primary envGATE_API_KEY

Comments