ClawHub

gate-info-trendanalysis

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only Gate market technical-analysis helper with disclosed MCP data use and no bundled executable code or credential requirements.

Install this only if you trust the local Gate-Info MCP server and the shared Gate runtime rule files it references. The packaged skill is read-only and does not require trading credentials, but users should review any optional maintenance script before approving updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Natural-Language Policy Violations

Low
Confidence
88% confidence
Finding
The file declares Scenario 2 as applying to Chinese requests, but its prompt examples are in English. This creates ambiguity about whether the skill is intended to enforce or assume a particular language behavior without clear user opt-in or a justified locale constraint.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
## General Rules

⚠️ STOP — You MUST read and strictly follow the shared runtime rules before proceeding.
Do NOT select or call any tool until all rules are read. These rules have the highest priority.
→ Read `../gate-runtime-rules.md`
→ Also read `../info-news-runtime-rules.md` for gate-info / gate-news shared rules (tool degradation, report standards, security, routing, and optional local maintenance when `scripts/` is present).
- **Only call MCP tools explicitly listed in this skill.** Tools not documented here must NOT be called, even if they
Confidence
80% confidence
Finding
call any tool

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal