Back to skill

Security audit

Gate Exchange Unified Account

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Gate unified-account helper for crypto margin/account operations, with sensitive write actions gated by explicit user confirmation.

Install only if you intend to let an agent assist with Gate unified-account margin operations. Use a dedicated, tightly scoped Gate API key, verify the Gate MCP server source, and review every Action Draft carefully before confirming borrow, repay, leverage, mode, or collateral changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are broad enough to match common financial queries without strong scope boundaries, which can cause the skill to activate when the user did not explicitly intend Gate unified-account operations. In a skill that can eventually perform loan, leverage, collateral, and mode-switching mutations, unintended invocation increases the chance of the assistant steering the conversation into sensitive trading actions or using the wrong tool context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.