Gate Exchange Futures

Key things to check before installing: - Verify provenance: README claims an official Gate repo and Gate.com publisher but Registry 'Source' is unknown and no homepage is provided. Ask the publisher for the canonical repository/link and confirm the repo ownership (e.g., gate.com GitHub org) before trusting the skill. - Credentials mismatch: The skill docs require a Gate API key (Fx:Write) but the registry metadata lists no required env vars/credentials. Do not provide high-privilege API keys until the metadata is fixed. Request that the skill declare the required credential explicitly in registry metadata. - Use least privilege: If you enable the skill, create a Gate API key scoped only to what's needed (Fx:Write if required), apply IP/API restrictions if possible, and consider using a test account or minimal funds for initial trials. - Confirmations & autonomous actions: The SKILL.md says explicit user confirmation is required before any write. Verify your agent/runtime enforces that confirmation before executing any write calls. If possible, disable autonomous invocation for this skill or require manual approval for write actions. - Review external runtime rules: SKILL.md points to an external 'gate-runtime-rules.md' on GitHub that the skill tells agents to follow. Inspect that external doc before use to ensure it doesn't introduce unexpected behavior. - Test read-only behavior first: Before allowing any create/amend/cancel, run intents that only list tickers/positions/orders to validate the MCP connection and responses. If the publisher cannot prove official Gate ownership or cannot update the registry to declare the API key requirement, treat the package as untrusted and avoid installing it with production credentials.