gate-exchange-activitycenter Security Report — Trusted | ClawSafe

5 /100

gate-exchange-activitycenter

Gate platform activity and campaign hub skill for trading competitions, airdrops, and enrolled activities

This is a read-only Gate Exchange activity center skill that only uses documented MCP tools to query platform activities. No shell execution, file operations, or data exfiltration detected.

Skill Namegate-exchange-activitycenter

Duration26.2s

Enginepi

✓

Safe to install

This skill is safe to use. No security concerns identified.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No file operations in skill
Network	`NONE`	`NONE`	—	Only uses MCP tools, no direct network calls
Shell	`NONE`	`NONE`	—	No shell execution detected
Environment	`NONE`	`NONE`	—	No direct env access
Skill Invoke	`READ`	`READ`	✓ Aligned	Read-only MCP tool invocation
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser tools used
Database	`NONE`	`NONE`	—	No database access

5 findings

🔗

Medium External URL 外部 URL

https://www.gate.com

README.md:43

🔗

Medium External URL 外部 URL

https://www.gate.com/myaccount/profile/api-key/manage

SKILL.md:62

🔗

Medium External URL 外部 URL

https://www.gate.com/competition/xxx

SKILL.md:212

🔗

Medium External URL 外部 URL

https://www.gate.com/campaigns/xxx

SKILL.md:213

🔗

Medium External URL 外部 URL

https://www.gate.com/campaigns/cheney_alpha152

SKILL.md:238

File Tree

6 files · 27.2 KB · 715 lines

Markdown 6f · 715L

├─ ▾ 📁 references

│ ├─ 📝 gate-runtime-rules.md Markdown 35L · 1.7 KB

│ ├─ 📝 mcp.md Markdown 65L · 1.7 KB

│ └─ 📝 scenarios.md Markdown 135L · 4.3 KB

├─ 📝 CHANGELOG.md Markdown 51L · 2.0 KB

├─ 📝 README.md Markdown 43L · 2.3 KB

└─ 📝 SKILL.md Markdown 386L · 15.2 KB

Security Positives

✓ Read-only skill with no write operations

✓ Only uses documented MCP tools (cex_activity_list_activities, cex_activity_get_my_activity_entry, cex_activity_list_activity_types)

✓ No shell execution, subprocess, or eval usage

✓ No file system access or file operations

✓ No direct network calls (curl/wget)

✓ No credential harvesting beyond declared API keys

✓ No sensitive path access (~/.ssh, ~/.aws, .env)

✓ No base64 encoding/decoding with shell execution

✓ Comprehensive documentation with explicit safety rules

✓ Well-structured error handling and response templates

Scan Report

File Tree

Security Positives