gate-info-riskcheck

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill is a read-only crypto token/address risk checker. It has some external Gate MCP and shared-rule dependencies that users should notice, but the reviewed artifacts show no malicious behavior.

This appears safe to use for read-only token or address risk reports if you trust the configured Gate-Info MCP service. Before installing, verify any shared Gate runtime-rule files and approve optional maintenance updates only from a trusted repository copy.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If those shared rule files differ from what the user expects, they could affect routing or tool-use behavior for this skill.

Why it was flagged

The skill depends on shared runtime instruction files outside the packaged file set, so the effective instructions may rely on local files not included in the reviewed artifact bundle. This is not shown to execute code or request credentials, but it is a provenance dependency users should notice.

Skill content

Do NOT select or call any tool until all rules are read. These rules have the highest priority.
→ Read `../gate-runtime-rules.md`
→ Also read `../info-news-runtime-rules.md`

Recommendation

Installers should verify the referenced shared Gate runtime-rule files come from the expected source and do not broaden tool use beyond the documented read-only Gate-Info workflow.

What this means

A repository copy with updater scripts could modify the installed skill files after the user approves an apply step.

Why it was flagged

The skill documents optional updater behavior that depends on scripts not present in the published bundle. The instructions limit updates to the skill directory and require user approval, which keeps this as a notice rather than a concern.

Skill content

Local maintenance (optional, repository copy only):
- If `scripts/update-skill.*` exists in the repository copy, `check` may compare the installed copy with the packaged skill source used by the current install.
- Ask the user before `apply`.
- `apply` updates files within this skill directory only.

Recommendation

Only approve maintenance updates from a repository copy you trust, and review the changes before allowing an apply operation.

What this means

The external Gate-Info MCP service may receive the crypto identifiers you ask the skill to check.

Why it was flagged

The skill sends user-provided token, contract, chain, or address details to Gate-Info MCP tools. This is central to the skill's purpose and is described as read-only with no API key, but wallet or contract addresses can still be sensitive to some users.

Skill content

| `info_compliance_check_token_security` | `token` or `address`, `chain` | risk level, risk items, tax, holder concentration, honeypot, open-source flags |
| `info_onchain_get_address_info` | `address`, `chain` | basic address state, balances, tx count |

Recommendation

Avoid submitting wallet addresses or contract details you consider private unless you are comfortable sharing them with the configured Gate-Info MCP service.