gate-exchange-dual

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's setup.sh fetches and installs the gate-cli binary at runtime (it queries https://api.github.com/repos/gate/gate-cli/releases/latest and downloads from https://github.com/gate/gate-cli/releases/download/...), which downloads and installs remote executable code that the skill requires to operate, so this is a high-risk runtime external dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for a crypto exchange dual-investment product and includes a write-capable CLI command for placing orders. It requires API key/secret credentials and Earn:Write permissions, and documents the exact execution operation: gate-cli cex earn dual place (params: plan_id, amount, text). This is a specific financial API meant to move/allocate funds and create investment orders (not a generic HTTP or browser tool). Therefore it grants direct financial execution authority.