gate-exchange-spot 安全扫描报告 — 可信 | ClawSafe

0 /100

gate-exchange-spot

Gate spot trading and account operations skill for buy/sell crypto on spot, check account value, or place conditional/trigger orders

This is a well-designed Gate.io spot trading skill with comprehensive security guardrails, mandatory confirmation gates, strict MCP tool scoping, and explicit credential handling policies. No executable code, suspicious patterns, or undeclared capabilities found.

技能名称gate-exchange-spot

分析耗时32.6s

引擎pi

✓

可以安装

No action required. This skill follows security best practices with mandatory confirmation gates before trades, credential isolation via environment variables, and explicit tool scope restrictions.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No filesystem access declared or inferred; skill uses only MCP tools
网络访问	`NONE`	`NONE`	—	No direct network calls; relies on Gate MCP server which handles API communicati…
命令执行	`NONE`	`NONE`	—	No shell commands, scripts, or subprocess calls in skill
环境变量	`READ`	`READ`	✓ 一致	SKILL.md requires GATE_API_KEY, GATE_API_SECRET via environment; never asks user…
技能调用	`NONE`	`NONE`	—	No cross-skill invocation documented
剪贴板	`NONE`	`NONE`	—	No clipboard access documented or observed
浏览器	`NONE`	`NONE`	—	No browser automation; only MCP tool usage
数据库	`NONE`	`NONE`	—	No database access; operates via Gate exchange API

2 项发现

🔗

中危外部 URL 外部 URL

https://www.gate.com

README.md:64

🔗

中危外部 URL 外部 URL

https://www.gate.com/myaccount/profile/api-key/manage

SKILL.md:81

目录结构

6 文件 · 64.9 KB · 1184 行

Markdown 6f · 1184L

├─ ▾ 📁 references

│ ├─ 📝 gate-runtime-rules.md Markdown 45L · 2.4 KB

│ ├─ 📝 mcp.md Markdown 135L · 5.4 KB

│ └─ 📝 scenarios.md Markdown 512L · 28.8 KB

├─ 📝 CHANGELOG.md Markdown 55L · 2.8 KB

├─ 📝 README.md Markdown 64L · 2.7 KB

└─ 📝 SKILL.md Markdown 373L · 22.8 KB

安全亮点

✓ Comprehensive SKILL.md with 36 documented scenarios and clear expected/unexpected behavior

✓ Mandatory confirmation gate before any trade execution (order draft + explicit confirmation required)

✓ Single-use confirmation policy with invalidation on parameter/topic change

✓ Per-leg confirmation requirement for multi-leg flows (e.g., buy then sell)

✓ API keys stay in environment variables; explicitly prohibits pasting secrets in chat

✓ Strict MCP tool scope: only documented Gate tools are allowed

✓ Clear error handling with degradation to read-only mode on auth/API failures

✓ Extensive safety rules for all-in orders, condition-based trades, and trigger orders

✓ No executable code (scripts, binaries) - pure documentation and configuration

✓ Published by Gate.io with public repository (github.com/gate/gate-skills)

✓ Clear routing boundaries: futures/DEX routed elsewhere, no scope creep