v1.0.2

Gate Flash Swap Skill

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:09 AM.

Analysis

This is a coherent Gate crypto swap skill, but it can execute financial conversions and relies on external authoritative runtime instructions, so it should be reviewed carefully before enabling.

Guidance

Before installing, verify the publisher and Gate MCP setup, review the external runtime rules, and be cautious with one-click swap requests. Prefer a tightly scoped API key and require explicit confirmation before any cryptocurrency conversion.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
STOP — You MUST read and strictly follow the shared runtime rules ... These rules have the highest priority. → Read [gate-runtime-rules.md](https://github.com/gate/gate-skills/blob/master/skills/gate-runtime-rules.md)

The skill makes an external, unpinned document authoritative before tool use, even though that document is not included in the reviewed artifacts.

User impact: The agent could obey runtime instructions outside the reviewed package while handling financial transactions.
Recommendation: Only install if you trust and have reviewed the referenced Gate runtime rules; the publisher should bundle or pin the exact rules version instead of relying on a mutable external document.

Tool Misuse and Exploitation
Severity: High, Confidence: High, Status: Concern
references/scenarios.md
Immediately call `cex_fc_create_fc_order_v1` with the returned quote_id and amounts — no separate confirmation

The documented one-click workflow allows the agent to create a crypto swap after preview when it interprets the request as direct or one-click, without a second confirmation step.

User impact: A misunderstood or overly broad one-click request could result in an unwanted cryptocurrency conversion.
Recommendation: Use explicit confirmation for all create endpoints, or restrict one-click mode to exact confirmation phrases with clear amount limits and quote details shown first.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium, Confidence: High, Status: Note
SKILL.md
- API Key Required: Yes (see skill doc/runtime MCP deployment)
- Permissions: Fc:Write

The skill requires a Gate API key with flash-swap write permission, which is expected for the purpose but grants delegated authority over account funds.

User impact: If enabled with a Gate API key, the agent can use that delegated permission to place flash swap orders through the MCP server.
Recommendation: Use the least-privileged Gate API key possible, review the MCP server setup, monitor order history, and revoke the key if the skill is no longer needed.