Back to skill
Skillv1.0.2
ClawScan security
Gate Exchange MarketAnalysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 2, 2026, 7:34 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with a read-only Gate market-data analysis helper that only calls Gate MCP tools and requests no extra credentials or installs.
- Guidance
- This skill appears coherent and read-only: it only sequences Gate MCP market-data calls and asks for no local installs or secrets. Before installing, confirm you trust the MCP server that will execute these tools (it may hold or inject your Gate API key) and review the external 'gate-runtime-rules.md' link the skill requires. If you do not want autonomous agent calls to run without review, consider disabling autonomous invocation in your agent policy or only allow user-invoked runs. If you plan to use slippage simulations, the skill will prompt you for explicit symbol and quote-amount inputs (it will not assume defaults).
Review Dimensions
- Purpose & Capability
- okName, description, and all referenced resources (Gate MCP tool names and MCP installers) align with market-tape analysis. There are no unrelated env vars, binaries, or config paths requested.
- Instruction Scope
- noteSKILL.md gives detailed, scenario-specific MCP call sequences and explicit gating (e.g., Case 8 requires user-specified pair + amount). It also instructs the agent to read an external runtime rules doc (gate-runtime-rules.md on GitHub) before proceeding — this is reasonable for governance but introduces an external dependency to review before use.
- Install Mechanism
- okInstruction-only skill with no install spec and no code to write to disk. Lowest-risk installation model.
- Credentials
- okNo environment variables, credentials, or config paths are required by the skill itself. The skill expects the MCP layer to handle API keys if needed, which is proportionate for a platform-integrated read-only data skill.
- Persistence & Privilege
- okNo 'always: true', no install-time persistence, and default autonomous invocation is enabled (normal for skills). The skill does not request elevated system-wide privileges or modify other skills' config.