Security audit

Gate Exchange LaunchPool Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for Gate LaunchPool use, but it combines financial account authority with mutable external runtime rules and some under-scoped financial disclosures.

Review this before installing because it can use authenticated Gate access to stake or redeem funds. Install only if you trust the Gate MCP source and the linked Gate runtime-rules repository, use the least privilege available, never paste API secrets into chat, and confirm stake/redeem only when the project, pool, coin, amount, and risk notes match your intent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
This is a true issue: the file first classifies `rid` as an internal identifier that must not be displayed, but Scenario 3 later instructs the agent to show it to users. Exposing internal IDs can leak implementation details and create inconsistent behavior across flows, which may enable identifier harvesting or make later stake/redeem operations easier to target or confuse.

Missing User Warnings

Medium
Confidence: 96%
Finding
This is also a true vulnerability because the template contradicts the earlier privacy/abstraction boundary by instructing disclosure of a reward-pool ID marked as internal-only. Even if the identifier is not secret by itself, surfacing internal references to end users increases metadata exposure and can encourage unsafe downstream use of those IDs in later actions.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill directs the agent to access authenticated LaunchPool pledge and reward history, which is sensitive financial account activity, but it does not require an explicit user-consent step or any user-facing notice before querying that data. In an agent setting, this can lead to overbroad disclosure of account history from ambiguous prompts or accidental invocation of authenticated tools.

Missing User Warnings

Medium
Confidence: 83%
Finding
The stake preview asks for confirmation but does not explicitly warn that staking may lock funds, affect liquidity, or expose the user to program-specific terms before the transaction is executed. In a financial skill, this omission can lead users to confirm a real asset commitment without understanding withdrawal constraints, reward conditions, or possible forfeiture implications.

VirusTotal

60/60 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.