Gate Claude Code One-Click Installer (MCP + Skills)

Warn

Audited by ClawScan on May 10, 2026.

Overview

The installer mostly matches its stated Gate/Claude setup purpose, but it installs mutable remote tools and skills persistently and can enable high-privilege trading/account access.

Install only if you trust Gate, api.gatemcp.ai, and the gate-skills GitHub repository. Prefer selecting only the MCPs you need, consider `--no-skills`, back up `~/.claude.json` and `~/.claude/skills`, and avoid entering trading API keys unless necessary; use read-only or least-privilege credentials whenever possible.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could follow changed external instructions that the user and reviewer have not seen.

Why it was flagged

The skill tells the agent to treat a mutable remote GitHub document, not included in the reviewed artifacts, as highest-priority runtime instructions.

Skill content

STOP — You MUST read and strictly follow the shared runtime rules before proceeding. Do NOT select or call any tool until all rules are read. These rules have the highest priority. → Read [gate-runtime-rules.md](https://github.com/gate/gate-skills/blob/master/skills/gate-runtime-rules.md)

Recommendation

Bundle or pin the runtime rules to a reviewed commit, and do not make remote documentation higher priority than the local skill and user instructions.

What this means

Future runs may install different or newly added skills that persistently affect Claude Code behavior.

Why it was flagged

The installer pulls the latest master branch from GitHub and copies every skill into the user's Claude skills directory, rather than installing a pinned reviewed version.

Skill content

GATE_SKILLS_BRANCH="${GATE_SKILLS_BRANCH:-master}" ... git clone --depth 1 -b "$GATE_SKILLS_BRANCH" "$GATE_SKILLS_REPO" "$TMP_CLONE" ... cp -R "$dir" "$dst"

Recommendation

Pin to a release tag or commit, verify provenance, list the exact skills to be installed, and ask before replacing existing skill directories.

What this means

If the user completes OAuth or enters API keys, Claude Code may gain access to account and trading tools with financial impact.

Why it was flagged

The default install includes a private exchange MCP with broad financial-account scopes, including trading and wallet access.

Skill content

Default: When the user does not specify which MCPs to install, install all MCPs (`main`, `cex-public`, `cex-exchange`, `dex`, `info`, `news`) ... Remote CEX — Exchange ... Private trading & account (~400+ tools) ... scopes: `market`, `profile`, `trade`, `wallet`, `account`.

Recommendation

Make private exchange/trading MCPs explicitly opt-in, default to public/read-only access, and clearly recommend least-privilege API keys and per-action user confirmation.

What this means

A malformed or unreadable Claude config could be overwritten, affecting other MCP servers or user settings in later sessions.

Why it was flagged

If the existing Claude config cannot be read or parsed, the helper treats it as empty and writes a new config, which can discard unrelated existing settings instead of stopping.

Skill content

catch {
    return {};
  } ... Object.assign(existing.mcpServers, add);
fs.writeFileSync(outPath, JSON.stringify(existing, null, 2));

Recommendation

Back up the config first, fail closed on parse errors, and require manual remediation instead of silently replacing unreadable config.