Gate Spot Exchange Skill

Security checks across malware telemetry and agentic risk

Overview

This Gate spot-trading skill is purpose-aligned but needs review because it can place real crypto orders and contains conflicting TP/SL instructions plus broad activation wording.

Install only if you intentionally want an assistant to manage Gate spot trades. Use a dedicated Gate API key with no withdrawal permission, verify the Gate MCP server source, and read every draft carefully before confirming any trade, trigger order, amendment, or cancellation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

High
Confidence: 98%
Finding
The skill contradicts itself on TP/SL support: earlier sections explicitly implement trigger-order workflows for take-profit/stop-loss, while the safety rules say to state TP/SL is not supported. In a trading skill with write permissions, this inconsistency is dangerous because it can cause the agent to mis-handle high-risk order types, bypass intended safeguards, or provide inaccurate assurances about what will execute.

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger phrases are broad enough to match ordinary trading-related conversation such as 'buy', 'sell', or 'cancel order', which increases the chance that the skill activates when the user did not intend to invoke this specific exchange integration. In a skill capable of placing real spot orders and managing live account activity, accidental or overly eager activation can lead to unintended financial actions, especially if downstream confirmation logic is imperfect or bypassed elsewhere.

Vague Triggers

Medium
Confidence: 87%
Finding
The manifest description uses broad trigger phrases like 'buy coin', 'sell spot', 'take profit', and 'stop loss', which can match ordinary conversation without clear scoping. Because this skill has Spot:Write permission, over-broad routing increases the chance the wrong skill activates in ambiguous contexts and starts preparing or executing trading workflows the user did not intend.

VirusTotal

66/66 vendors flagged this skill as clean.
