Gate Exchange MarketAnalysis

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a read-only Gate market-analysis helper, but it also directs the agent to follow mutable external rules and can produce personalized trading or allocation advice that is broader than its stated market-metrics purpose.

Install only if you are comfortable with a read-only Gate MCP skill that may ask for MCP authentication and may generate trading or portfolio suggestions. Use read-only API credentials if any key is required, do not grant trading or withdrawal permissions, and treat all recommendations as informational rather than personalized financial advice. Review the external Gate runtime-rules link before use because the skill makes that remote document authoritative.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (10)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The skill metadata scopes the tool to market analysis, but the scenarios materially expand behavior into personalized trading, allocation, and portfolio-adjustment advice. That scope drift can cause the agent to be invoked for higher-risk financial guidance without the stronger safeguards, suitability checks, or approvals that a true advisory skill would require.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The documentation introduces portfolio review and allocation recommendation features that are not justified by the stated purpose of providing market metrics like liquidity, slippage, and funding analysis. This increases the chance of unauthorized or unexpected activation for sensitive financial-advice tasks, creating compliance and user-harm risk.

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The file says the output is 'not investment advice' while also directing the model to provide explicit technical-analysis recommendations about what users should do and whether to go long or short. That contradiction is dangerous because disclaimers do not neutralize prescriptive financial guidance, and users may still rely on the advice as actionable trading direction.

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The portfolio-allocation sections pair a 'not investment advice' disclaimer with instructions to give concrete allocation weights, adjustment suggestions, and other assets to buy. This is effectively individualized investment advice despite the disclaimer, which can mislead users and create elevated financial, trust, and regulatory risk.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: Broad trigger phrases around technical analysis and 'what to do' can overlap with ordinary market discussion and cause the skill to activate in contexts where the user did not clearly request specialized or high-risk financial guidance. In this skill, that is more dangerous because activation can lead directly to prescriptive trading outputs.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The portfolio and allocation triggers are broad natural-language phrases that may match routine investment conversation, making accidental invocation likely. Because the downstream behavior includes concrete allocation advice, ambiguous triggering raises the chance of unsolicited personalized financial recommendations.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The portfolio review trigger is ambiguous enough to match broad everyday requests about holdings or markets. In the context of this skill, that ambiguity is risky because it can escalate a casual discussion into individualized adjustment advice without clear boundaries or user acknowledgement.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The technical-analysis section provides recommendation-oriented outputs but lacks a prominent, upfront warning about financial risk, uncertainty, and limitations. In a market-analysis skill, that makes harmful overreliance more likely, especially when users are prompted toward long/short decisions.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The multi-asset allocation workflow describes investment allocation advice without a strong, prominent warning about risk, volatility, and user suitability. Given that the flow asks for a budget and returns suggested weights, users may reasonably treat it as authoritative personalized guidance.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The portfolio adjustment flow lacks an upfront warning about financial and suitability risks even though it instructs the model to judge reasonableness and suggest concrete changes. That combination increases the likelihood of users relying on unqualified, context-poor portfolio advice that may be inappropriate for their circumstances.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal