Gate Exchange Futures

Security checks across malware telemetry and agentic risk

Overview

This skill is for real Gate futures trading and needs review because it grants live trading authority while some instructions are broad or inconsistent about confirmation before financial actions.

Install only if you trust the Gate MCP server, the Gate publisher/source, and the externally referenced runtime rules. Use the narrowest Gate futures API permissions available, avoid ambiguous prompts like 'cancel all' or 'close half' unless the target account and contract are clear, and confirm trades only after checking contract, side, size, leverage, margin mode, order type, and affected scope.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
This scenario instructs the agent to switch margin mode to cross as part of the open-long flow, even though the earlier rule explicitly says margin mode must only be changed when the user asks for it. In a live futures trading skill, silently changing cross/isolated mode alters liquidation behavior and risk exposure for existing or new positions, so an inconsistent instruction can cause unauthorized account-risk changes.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding:
The POC scenario likewise omits the mandatory pre-order confirmation step and directs immediate order placement. Even though post-only orders may rest instead of fill immediately, they still create real exposure and can lock funds or open positions later, so bypassing confirmation is unsafe in a trading context.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding:
The POC scenario likewise omits the mandatory pre-order confirmation step and directs immediate order placement. Even though post-only orders may rest instead of fill immediately, they still create real exposure and can lock funds or open positions later, so bypassing confirmation is unsafe in a trading context.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The routing table uses broad verbs like "buy," "sell," "open," and "close" to trigger a futures trading skill, which increases the chance of unintended invocation from ambiguous user messages. In a high-risk financial context, accidental activation can lead to leveraged order placement, position closure, or order cancellation with real account impact, so this is more dangerous than the same pattern in a low-stakes skill.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding:
The README advertises destructive and financially significant actions such as opening, closing, reversing, and canceling futures orders, but provides no meaningful risk disclosure about leverage, liquidation, or loss beyond mentioning confirmation. In a perpetual futures skill, lack of clear warnings can normalize high-risk actions and make users less likely to recognize the consequences of mistakes or ambiguous instructions.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The example phrases for amending size are very broad and natural-language-like, especially "Amend order size to 10" and "Order 94294117235059656 size to 10." In a trading skill, overly permissive invocation patterns can cause the skill to activate on ambiguous user utterances and begin a high-risk trading workflow, increasing the chance of unintended order modification if downstream confirmation logic is weak or bypassed.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The no-ID examples "Amend my order price" and "Change my order" are highly nonspecific, yet the documented behavior is to list open orders and proceed toward amendment. In a futures trading context, broad triggers are especially dangerous because they can route casual or incomplete user language into a sensitive financial action flow, risking modification of the wrong open order or prompting unintended trading operations.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding:
The trigger examples for cancellation include very broad phrases such as 'Cancel my order', 'Cancel order', and 'Show my orders', which can easily match common conversational input without enough scoping to distinguish listing from destructive execution. In a futures trading skill, ambiguous intent resolution around order cancellation can cause unintended order removal, directly affecting active trading strategies and financial positions.

Vague Triggers

Severity: High
Confidence: 98%
Finding:
The phrase 'Cancel all' is extremely ambiguous and maps to a destructive bulk action that can remove every open futures order. Because this skill operates in a financial trading context, misinterpreting a short utterance or contextual carryover could cause broad, irreversible disruption of pending entries, exits, or risk-management orders.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The contract-specific bulk cancellation flow performs a destructive action for all orders on a contract without requiring an explicit warning or confirmation. Even though the scope is narrower than global cancellation, removing all orders for a futures contract can still disable entries, exits, and protective orders such as staged limits associated with a live trading plan.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The trigger examples for initiating a close flow are very broad and include common phrases like 'Help me close' or 'Close position', which can overlap with ordinary conversation in a trading assistant. In a high-risk trading context, ambiguous activation can cause the agent to enter an order-preparation or execution flow based on underspecified user intent, increasing the chance of unintended position closure.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The partial-close guidance instructs the agent to verify the position, compute the size, submit a reduce-only IOC market order, and then verify the remainder without requiring a user confirmation step immediately before execution. Because this skill operates on live perpetual futures positions, omission of explicit confirmation can lead to unauthorized or accidental trading losses from misheard, ambiguous, or coerced prompts.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The close-half scenario similarly proceeds from position lookup to calculating 50% size and executing a reduce-only market close without an explicit pre-trade confirmation. In leveraged futures trading, even a partial market close is a material account action that can realize PnL, affect liquidation thresholds, and create irreversible economic harm if triggered unintentionally.

Missing User Warnings

Severity: High
Confidence: 96%
Finding:
The contract-specific close-all guidance tells the agent to query the position, close all for that contract, and verify/report, but it omits an explicit confirmation step before fully clearing the user's position. Since this is a direct destructive trading action on a live derivative product, lack of confirmation materially raises the risk of accidental liquidation of strategy exposure and immediate realized losses.

VirusTotal

65/65 vendors flagged this skill as clean.
