ClawHub

gate-news-eventexplain

PassAudited by ClawScan on May 1, 2026.

Overview

This is a coherent, instruction-only crypto news skill that uses disclosed read-only Gate MCP tools, with minor provenance notes around external shared rule files and optional local maintenance.

This appears reasonable to install if you trust the Gate MCP services you connect it to. Before using repository-only maintenance features, review the local shared runtime files and update scripts, and treat the output as explanatory market context rather than trading advice.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence
ASI02: Tool Misuse and Exploitation
What this means

The agent may call Gate News/Gate Info data tools to answer price-move questions, but the artifacts do not show account changes, trading, or credential use.

Why it was flagged

The skill relies on external MCP tools, but the documented tools are read-only and directly support the event-explanation workflow.

Skill content
MCP Tools Used ... Query Operations (Read-only) ... info_marketsnapshot_get_market_snapshot ... info_onchain_get_token_onchain ... news_events_get_event_detail ... news_feed_search_news
Recommendation

Use it only with a trusted Gate MCP server and remember that the result is explanatory market context, not an instruction to trade.

NoteHigh Confidence
ASI04: Agentic Supply Chain Vulnerabilities
What this means

If those local shared files or scripts exist in your environment, they can influence how the agent runs this skill or update the local skill copy after approval.

Why it was flagged

The skill references shared runtime rule files and optional update scripts that are not included in the listed bundle. The update path is described as optional, repository-only, user-approved, and scoped to the skill directory, which keeps this as a notice rather than a material concern.

Skill content
Read `../gate-runtime-rules.md` ... Also read `../info-news-runtime-rules.md` ... If `scripts/update-skill.*` exists ... Ask the user before `apply`.
Recommendation

Review any local shared runtime files or repository update scripts before relying on them, and do not approve an update unless you trust its source.