Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gate Codex One-Click Installer (MCP + Skills)

v1.0.2

Gate MCP and Gate skills installer for Codex. Use when the user asks to add Gate MCP or skills to Codex. Triggers on 'install Gate MCP Codex', 'Gate skills C...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the code: the script writes ~/.codex/config.toml entries and copies the gate-skills repository into $CODEX_HOME/skills. Requesting Node/npm/git and interacting with Codex config is coherent with an installer. However, installing 'all skills' (cloning and copying every subdirectory) is broad and can introduce arbitrary third-party code into the user's skills directory — this is expected for an installer but high-impact.
Instruction Scope (flagged)
SKILL.md and install.sh operate only on CODEX_HOME (default ~/.codex) and the cloned gate-skills repo. They prompt the user for GATE_API_KEY/GATE_API_SECRET (only for Gate main) and then append/merge TOML fragments into config.toml. Surprising behaviors:
1. The script will rm -rf existing skill directories with the same name (overwrite without interactive confirmation).
2. The gate-dex TOML fragment includes an Authorization = "Bearer ${GATE_MCP_TOKEN}" placeholder, but the installer never prompts for or sets GATE_MCP_TOKEN.
3. The DEX x-api-key is hardcoded into the fragment (MCP_AK_8W2N7Q).
There are no instructions to inspect cloned skills before copying.
Install Mechanism
The script clones a public GitHub repository (well-known host) and copies files locally — this is a normal install mechanism. The script will also attempt npm install -g npx if npx is missing, which modifies the system global npm state; that action is documented in the script but can be surprising and may require elevated privileges. No downloads from obscure/personal URLs are used.
Credentials (flagged)
No required env vars are declared, which matches the metadata. The installer optionally asks interactively for GATE_API_KEY/GATE_API_SECRET and writes them into config.toml in plaintext if provided — expected but sensitive. Two items stand out: a fixed x-api-key (MCP_AK_8W2N7Q) is embedded into the gate-dex fragment, and the gate-dex fragment contains Authorization = "Bearer ${GATE_MCP_TOKEN}" but the installer does not capture or explain how GATE_MCP_TOKEN is obtained or set. The presence of an unresolved token placeholder and an embedded fixed key should be clarified.
Persistence & Privilege
The installer persistently modifies the user's Codex config and skills directory (default ~/.codex). It is not marked always: true and does not alter other skills' configs beyond copying/overwriting directories in $CODEX_HOME/skills. Because it can overwrite existing skill directories and append to config.toml, users should consider backing up those locations before running the script.
What to consider before installing
This installer does what it claims (wires MCP entries into Codex config and installs gate-skills), but take precautions:
1. Back up ~/.codex/config.toml and your existing $CODEX_HOME/skills/ before running.
2. If you only want config changes, use --no-skills so the script won't clone/copy hundreds of third-party skills.
3. Inspect the cloned gate-skills repository locally (or clone it manually) before copying, to ensure you trust the code being installed.
4. Note the hardcoded DEX API key (MCP_AK_8W2N7Q) and the Authorization = "Bearer ${GATE_MCP_TOKEN}" placeholder; ask the maintainer how GATE_MCP_TOKEN is obtained and whether that fixed key is intended for production.
5. Be aware the script may attempt a global npm install (npm install -g npx), which modifies your system environment and may require privileges.
6. If unsure, run the script in an isolated environment (container or VM), or set CODEX_HOME to a temporary path so you can validate outcomes before changing your real Codex configuration.

