gate-exchange-unified

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The included setup.sh explicitly fetches and installs a remote executable at runtime from GitHub (it queries https://api.github.com/repos/gate/gate-cli/releases/latest and downloads from https://github.com/gate/gate-cli/releases/download//), which downloads and executes remote code that the skill can rely on as a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to interact with a crypto exchange's unified account APIs and includes mutation endpoints that move funds or change account financial state. It requires API keys with Unified:Write permissions and maps direct financial operations such as create_unified_loan (borrow/repay), set_unified_mode, set_user_leverage_currency_setting, set_unified_collateral, and related borrow/transfer calls. Those are specific, purpose-built financial actions (borrowing/repayment and account-mode/leverage/collateral changes) rather than generic tooling, so it grants direct financial execution capability.