Scan Report
0/100
gate-exchange-spot
Gate spot trading and account operations skill for buy/sell crypto on spot, check account value, or place conditional/trigger orders
This is a well-designed Gate.io spot trading skill with comprehensive security guardrails, mandatory confirmation gates, strict MCP tool scoping, and explicit credential handling policies. No executable code, suspicious patterns, or undeclared capabilities found.
Safe to install
No action required. This skill follows security best practices with mandatory confirmation gates before trades, credential isolation via environment variables, and explicit tool scope restrictions.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access declared or inferred; skill uses only MCP tools |
| Network | NONE | NONE | — | No direct network calls; relies on Gate MCP server which handles API communicati… |
| Shell | NONE | NONE | — | No shell commands, scripts, or subprocess calls in skill |
| Environment | READ | READ | ✓ Aligned | SKILL.md requires GATE_API_KEY, GATE_API_SECRET via environment; never asks user… |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation documented |
| Clipboard | NONE | NONE | — | No clipboard access documented or observed |
| Browser | NONE | NONE | — | No browser automation; only MCP tool usage |
| Database | NONE | NONE | — | No database access; operates via Gate exchange API |
2 findings
Medium · External URL · https://www.gate.com · README.md:64
Medium · External URL · https://www.gate.com/myaccount/profile/api-key/manage · SKILL.md:81
File Tree
6 files · 64.9 KB · 1184 lines (Markdown: 6 files, 1184 lines)
├─ references
│  ├─ gate-runtime-rules.md
│  ├─ mcp.md
│  └─ scenarios.md
├─ CHANGELOG.md
├─ README.md
└─ SKILL.md
Security Positives
✓ Comprehensive SKILL.md with 36 documented scenarios and clear expected/unexpected behavior
✓ Mandatory confirmation gate before any trade execution (order draft + explicit confirmation required)
✓ Single-use confirmation policy with invalidation on parameter/topic change
✓ Per-leg confirmation requirement for multi-leg flows (e.g., buy then sell)
✓ API keys stay in environment variables; explicitly prohibits pasting secrets in chat
✓ Strict MCP tool scope: only documented Gate tools are allowed
✓ Clear error handling with degradation to read-only mode on auth/API failures
✓ Extensive safety rules for all-in orders, condition-based trades, and trigger orders
✓ No executable code (scripts, binaries) - pure documentation and configuration
✓ Published by Gate.io with public repository (github.com/gate/gate-skills)
✓ Clear routing boundaries: futures/DEX routed elsewhere, no scope creep