gate-dex-mcptransfer

The Gate Wallet Transfer Skill presents a coherent, purpose-driven workflow for secure on-chain transfers with mandatory user confirmation, server-side signing, and multi-chain support. The data flows and credential handling (mcp_token) are consistent with its stated purpose. There are no clear supply-chain or credential-harvesting patterns, and the architecture relies on trusted MCP servers. The main security considerations are ensuring secure transmission of sensitive data to MCP endpoints, strict access to raw unsigned transaction data (as noted in policy), and proper handling of batch confirmations to avoid partial unintended transfers. Overall, the skill is BENIGN with MEDIUM securityRisk due to reliance on external MCP services and server-side signing, but not enabling autonomous, unapproved actions or exfiltration patterns.