gate-info-riskcheck
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: gate-info-risk-check Version: 1.0.3 The gate-info-risk-check skill bundle is designed to provide token contract security and address risk assessments using specific Gate-Info MCP tools. The instructions in SKILL.md and references/mcp.md define a clear, read-only workflow for generating structured risk reports with mandatory safety warnings and no evidence of malicious intent, data exfiltration, or unauthorized execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If those shared rule files differ from what the user expects, they could affect routing or tool-use behavior for this skill.
The skill depends on shared runtime instruction files outside the packaged file set, so the effective instructions may rely on local files not included in the reviewed artifact bundle. This is not shown to execute code or request credentials, but it is a provenance dependency users should notice.
Do NOT select or call any tool until all rules are read. These rules have the highest priority. → Read `../gate-runtime-rules.md` → Also read `../info-news-runtime-rules.md`
Installers should verify the referenced shared Gate runtime-rule files come from the expected source and do not broaden tool use beyond the documented read-only Gate-Info workflow.
A repository copy with updater scripts could modify the installed skill files after the user approves an apply step.
The skill documents optional updater behavior that depends on scripts not present in the published bundle. The instructions limit updates to the skill directory and require user approval, which keeps this as a notice rather than a concern.
Local maintenance (optional, repository copy only): - If `scripts/update-skill.*` exists in the repository copy, `check` may compare the installed copy with the packaged skill source used by the current install. - Ask the user before `apply`. - `apply` updates files within this skill directory only.
Only approve maintenance updates from a repository copy you trust, and review the changes before allowing an apply operation.
The external Gate-Info MCP service may receive the crypto identifiers you ask the skill to check.
The skill sends user-provided token, contract, chain, or address details to Gate-Info MCP tools. This is central to the skill's purpose and is described as read-only with no API key, but wallet or contract addresses can still be sensitive to some users.
| `info_compliance_check_token_security` | `token` or `address`, `chain` | risk level, risk items, tax, holder concentration, honeypot, open-source flags | | `info_onchain_get_address_info` | `address`, `chain` | basic address state, balances, tx count |
Avoid submitting wallet addresses or contract details you consider private unless you are comfortable sharing them with the configured Gate-Info MCP service.