ClawHub

gate-info-research

Security checks across malware telemetry and agentic risk

Overview

This is a read-only crypto market research skill, with some broad routing examples but no evidence of trading, credential theft, persistence, or destructive behavior.

Install only if you are comfortable with Gate MCP being used for market and news lookups. Treat outputs as research, not investment advice, and verify that any separately installed Gate MCP or runtime rules are from the publisher you trust. Be alert if another component asks for trading permissions or secrets, because this skill itself does not need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The examples "What's happening in the crypto market today?" and "Market summary please — include major events and sentiment" are broad, everyday phrases that can cause this higher-complexity research skill to activate when a simpler market-summary or single-dimension skill would be more appropriate. Over-broad triggering increases the chance of unnecessary tool calls, misrouting, and scope expansion, which can degrade safety boundaries and produce unexpected behavior in a multi-skill system.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The example "Full analysis of ETH please" is underspecified and can match many user intents, including simple price checks or basic overviews, yet it maps to an expansive deep-dive workflow that activates fundamentals, technicals, news, and risk tools in parallel. In this skill context, that ambiguity is risky because the skill is explicitly supposed to be used only for multi-dimension research, so vague prompts can lead to over-activation and unnecessary data access.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The instruction to enter screening mode when "No symbols provided + screening keywords detected" is ambiguous because terms like "worth looking at," "promising," or "analyze" can appear in loosely related requests that do not clearly ask for market-wide screening. In a research orchestration skill with serial dependency and ranking logic, ambiguous screening boundaries can cause broad scans of multiple assets and an unsolicited deep dive, increasing misrouting and unintended tool usage.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal