ClawHub

Gate Exchange KYC Portal Skill

Security checks across malware telemetry and agentic risk

Overview

This is a narrow Gate KYC portal helper, but it needs Review because it gives a mutable external runtime-rules file highest authority in a sensitive exchange workflow.

Install only if you trust this publisher and are comfortable with the skill relying on external runtime rules that can change outside the reviewed package. Complete KYC only through Gate's official portal, and do not paste identity documents, API keys, passwords, or account credentials into chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad, generic support-language terms like 'verify my identity' and 'why can't I withdraw', which can cause the skill to activate in situations where the user did not specifically ask for the Gate KYC portal. In a financial-exchange context, unintended routing is risky because it can misdirect users seeking broader withdrawal or account support into a narrow KYC flow, increasing confusion and creating opportunities for phishing-like misnavigation if similar skills exist.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger scope is broad enough to catch generic support questions like withdrawal problems, which may route users into this skill even when the real issue is not KYC-related. That can misdirect users to a sensitive identity-verification flow and suppress more appropriate handling for account, fraud, or transaction issues.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal