Gate Exchange Sub-Account
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with Gate sub-account management, but it imports unreviewed remote “highest priority” rules and mislabels lock/unlock account-changing tools as read-only.
Review the remote runtime rules and Gate MCP installation before using this skill. If you proceed, connect only a least-privileged Gate API key and require explicit confirmation for every create, lock, or unlock action.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could follow unreviewed instructions from a remote file before managing your Gate account.
The skill makes an external, mutable GitHub document authoritative before any tool use. That remote text is not included in the reviewed artifact set, yet it is given top priority for a skill that can perform financial account-management actions.
STOP — You MUST read and strictly follow the shared runtime rules before proceeding... These rules have the highest priority. → Read [gate-runtime-rules.md](https://github.com/gate/gate-skills/blob/master/skills/gate-runtime-rules.md)
Only use this after verifying the remote rules yourself, or prefer a version that packages a pinned local copy of the runtime rules and does not elevate remote text above user intent.
A user or agent may underestimate that lock/unlock changes real account access and trading ability.
The lock and unlock tools are categorized as read-only even though other sections say they disable or restore login and trading. This could confuse approval boundaries for high-impact account-state changes.
**Query Operations (Read-only)** - cex_sa_get_sa - cex_sa_list_sas - cex_sa_lock_sa - cex_sa_unlock_sa
Treat lock and unlock as write operations requiring explicit confirmation, and update the skill documentation so all mutation tools are clearly labeled.
If misused, the connected account authority can create sub-accounts or change whether existing sub-accounts can log in and trade.
The skill needs privileged Gate API authority to manage sub-accounts. This is expected for the stated purpose, but it is sensitive and can affect account access.
API Key Required: Yes ... Permissions: Sa:Write ... All sub-account operations require API key authentication with main-account privileges.
Use the least-privileged Gate API key that supports only the needed sub-account actions, and confirm every create, lock, or unlock request before allowing it.
The safety of real API calls also depends on the external Gate MCP installation, not just this skill file.
The reviewed skill has no local code, but its actual execution depends on an external MCP server and installer skills that are not included in these artifacts.
Requires [gate-mcp](https://github.com/gate/gate-mcp) to be installed... Install: Run installer skill for your IDE
Verify the Gate MCP source, installation method, and requested permissions before connecting an API key.