Back to skill

Security audit

Gate Exchange Simple Earn

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned for Gate Simple Earn, but it should be reviewed because it can perform real crypto Earn account actions while relying on mutable remote runtime instructions and some under-scoped action routing.

Install only if you trust the Gate MCP setup and are comfortable giving the agent Earn write authority. Use narrowly scoped credentials, verify the external Gate MCP and remote runtime-rules source, and require a clear action draft before confirming any subscribe, redeem, early-redeem, or min-rate change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger conditions are broad enough to match generic finance terms like 'interest', 'subscribe', or 'positions', which can cause this skill to activate for unrelated user requests. In a trading/account-management context, unintended activation is risky because it may route the agent into authenticated account workflows or transactional prompts the user did not intend.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document exposes a state-changing redemption tool for fixed-term earn orders but provides no requirement to confirm user intent, summarize consequences, or warn about early-redemption effects before execution. In a financial skill, this omission is dangerous because an agent could redeem positions on an ambiguous or mistaken request, causing irreversible asset movement, loss of expected yield, or premature termination of locked products.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.