Skills
skills/gate/gate-skills/gate-mcp-claude-installer/Gen Agent Trust Hub

gate-mcp-claude-installer

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill includes a hardcoded API key (MCP_AK_8W2N7Q) within the SKILL.md and scripts/install.sh files, which is used for the Gate-Dex MCP server configuration.
  • [REMOTE_CODE_EXECUTION]: The scripts/install.sh script downloads code from a remote Git repository (https://github.com/gate/gate-skills.git) and installs it directly into the local agent skills directory for execution.
  • [COMMAND_EXECUTION]: The installer performs several system-level actions, including the global installation of the npx package (npm install -g npx) and the programmatic modification of the Claude CLI configuration file (~/.claude.json).
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 14, 2026, 04:18 AM