gate-info-marketoverview

Security checks across malware telemetry and agentic risk

Overview

This is a read-only crypto market overview skill with disclosed external data-tool use and no evidence of hidden code, credential access, persistence, or destructive behavior.

Install only if you trust the Gate Info/Gate News MCP server configured in your environment. Treat the output as informational market context, not investment advice, and use a more specific Gate skill for coin-level, technical, risk, or portfolio analysis.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The scenario document instructs routing single-coin queries to gate-info-coinanalysis, while the manifest says such cases should go to gate-info-research for specific-coin or multi-dimension requests. Conflicting routing guidance can cause the wrong skill to be invoked, leading to incomplete analysis, bypass of intended safeguards, or inconsistent handling of higher-risk financial queries.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger examples are generic phrases that can match many user requests without clearly excluding coin-specific or analysis-heavy intents. This ambiguity can cause accidental invocation of this overview-only skill instead of a more appropriate skill, resulting in partial answers or missed controls tied to narrower query classification.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal