Skill v1.0.3

ClawScan security

Gate Exchange Simple Earn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 7, 2026, 10:33 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill’s declared purpose (manage Gate Simple Earn flexible and fixed-term workflows) matches the tools and instructions it contains; it has no installers or secret/env requirements in the skill package and delegates authentication to the Gate MCP server, which is appropriate for this use case.
Guidance
This skill is internally consistent with its stated purpose, but before installing you should:
1. Confirm you trust the Gate MCP server instance you will use: that server holds your Gate API key and will perform write actions on your behalf.
2. Ensure the API key configured in MCP has only the permissions you actually need (Earn:Write only if you want the agent to subscribe or redeem) and is not shared broadly.
3. Verify that the agent prompts for, and requires, explicit confirmation before any subscribe, redeem or change-rate action (the SKILL.md requires this as an SOP).
4. Review the referenced runtime rules (the external GitHub doc) so you understand any additional runtime behaviors or constraints.
5. If you only want read-only behavior, configure or test the MCP instance so that write tools are unavailable (the skill supports a degraded query-only mode).
Finally, note that the changelog shows an earlier version that disabled write calls. If you have concerns, confirm the currently deployed version's policy on automated writes before granting access.

Review Dimensions

Purpose & Capability
ok
The name and description match the MCP toolset and workflows documented in SKILL.md, README, and references. All required operations (list rates/products, query positions/history, create lend/subscribe/redeem, change min_rate) correspond to cex_earn_* tools described in the package. The requirement for an API key is handled by the Gate MCP layer, which is expected for exchange account actions.
Instruction Scope
note
The runtime instructions are scoped to MCP tools only and explicitly prohibit calling undocumented tools. They also mandate removing time fields from user-facing output and require explicit user confirmation before write actions. Two points for the user to note: (1) SKILL.md tells the agent to follow external runtime rules (a link to a GitHub doc); that external doc could change behavior and should be reviewed; (2) the package's changelog contains an earlier entry that temporarily disabled subscribe/redeem, then later re-enabled them; this versioning history could cause confusion about whether write operations are currently allowed. Functionally, the instructions do not request local file reads, unrelated env vars, or data exfiltration.
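The three controls this dimension and the Guidance rely on (only documented cex_earn_* tools may be called, write tools need an explicit user confirmation, and a query-only mode that removes write tools entirely) are easy to enforce in a small tool-call gate sitting between the agent and the MCP client. The following is an added example written for this page; it is not code from ClawHub, from the skill package, or from the Gate MCP server. The individual cex_earn_* tool names are assumed for illustration; the package's real tool names may differ, and the read/write split should be taken from SKILL.md.

```python
"""Tool-call gate for an MCP-backed exchange skill (added example, not the skill's code).

Rules enforced, mirroring the review above:
  * only documented cex_earn_* tools may be invoked;
  * write tools (subscribe / redeem / create lend / change min_rate) need an
    explicit, per-call user confirmation, which is consumed once used;
  * in read-only mode write tools are simply not exposed to the agent.
Tool names below are ASSUMED for illustration, not taken from the package.
"""
from dataclasses import dataclass, field

# Assumed inventory: query tools vs. account-changing tools.
READ_TOOLS = frozenset({
    "cex_earn_list_rates",
    "cex_earn_list_products",
    "cex_earn_query_positions",
    "cex_earn_query_history",
})
WRITE_TOOLS = frozenset({
    "cex_earn_create_lend",
    "cex_earn_subscribe",
    "cex_earn_redeem",
    "cex_earn_change_min_rate",
})
DOCUMENTED_TOOLS = READ_TOOLS | WRITE_TOOLS


class ToolCallDenied(Exception):
    """Raised when a tool call violates the skill's SOP."""


def _freeze(args: dict) -> tuple:
    """Canonical, hashable form of a call's arguments (used as the confirmation key)."""
    return tuple(sorted((k, str(v)) for k, v in args.items()))


@dataclass
class ToolGate:
    read_only: bool = False
    # (tool, frozen args) pairs the user has explicitly confirmed; each is single-use.
    _confirmed: set = field(default_factory=set)

    def available_tools(self) -> frozenset:
        """Tools exposed to the agent; write tools disappear in read-only mode."""
        return READ_TOOLS if self.read_only else DOCUMENTED_TOOLS

    def confirm(self, tool: str, args: dict) -> None:
        """Record the user's explicit confirmation for one exact write call."""
        if tool not in WRITE_TOOLS:
            raise ValueError(f"confirmation only applies to write tools: {tool}")
        self._confirmed.add((tool, _freeze(args)))

    def check(self, tool: str, args: dict) -> str:
        """Return 'read' or 'write' if the call may proceed, otherwise raise ToolCallDenied."""
        if tool not in DOCUMENTED_TOOLS:
            raise ToolCallDenied(f"undocumented tool: {tool}")
        if tool in READ_TOOLS:
            return "read"
        if self.read_only:
            raise ToolCallDenied(f"write tool unavailable in read-only mode: {tool}")
        key = (tool, _freeze(args))
        if key not in self._confirmed:
            raise ToolCallDenied(f"write tool requires explicit user confirmation: {tool}")
        self._confirmed.discard(key)  # one confirmation covers exactly one call
        return "write"


def demo() -> list:
    """Walk through the typical sequence; returns the outcome of each step."""
    out = []
    gate = ToolGate()
    call = ("cex_earn_subscribe", {"product_id": "DEMO-FLEX", "amount": "10"})  # constructed input
    out.append(gate.check("cex_earn_list_rates", {}))                 # 'read'
    try:
        gate.check(*call)                                             # no confirmation yet
    except ToolCallDenied as e:
        out.append(f"denied: {e}")
    gate.confirm(*call)                                               # user says yes to this exact call
    out.append(gate.check(*call))                                     # 'write'
    try:
        gate.check(*call)                                             # replaying the same call is denied
    except ToolCallDenied as e:
        out.append(f"denied: {e}")
    ro = ToolGate(read_only=True)
    out.append(sorted(ro.available_tools()) == sorted(READ_TOOLS))    # writes hidden
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The confirmation is keyed on the exact tool and argument set and is consumed by the call it authorizes, so a later call with a different amount, product, or rate cannot ride on an earlier "yes"; a gate that only remembers "the user confirmed writes" would not give you the per-action confirmation the SKILL.md SOP asks for. The read-only mode is enforced by not exposing the write tools at all, which is the MCP-side configuration the Guidance suggests testing, rather than by trusting the agent to refrain from calling them.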
Install Mechanism
ok
This is an instruction-only skill with no install spec and no code files to execute, so nothing will be written to disk or downloaded when loading the package.
Credentials
ok
The skill declares no environment variables or credentials in the package; account authentication is delegated to the Gate MCP server, which stores the Gate API key. That is proportional for a skill that performs account-level financial actions. The skill requires Earn:Write permission for its write operations, which is appropriate for subscribe/redeem/change-rate; users should ensure the API key provided to MCP has only the permissions they intend to grant.
Persistence & Privilege
ok
always: false, and no special privileges or requests to modify other skills or global agent settings. The skill relies on the MCP server to hold credentials; autonomous invocation is allowed by platform default, but the skill's SOP requires explicit confirmation before any write call, reducing risk in practice.