gate-mcp-claude-installer

Warn

Audited by Snyk on Mar 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The installer explicitly clones and installs all skills from the public GitHub repository https://github.com/gate/gate-skills (see SKILL.md "Pull all subdirectories..." and scripts/install.sh which runs git clone and copies to ~/.claude/skills), which causes the agent to load third‑party/user‑provided skill code that can materially change assistant behavior and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The install script clones and installs code at runtime from https://github.com/gate/gate-skills.git (and may run remote package code via npx -y gate-mcp which pulls the gate-mcp package), so external content fetched during runtime will install/execute code that directly controls loaded Claude Code skills/MCP behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The installer explicitly provisions and configures Gate exchange components (Gate main, Gate-Dex) and gate-skills, and it instructs the user to obtain and set exchange API credentials (GATE_API_KEY and GATE_API_SECRET) for spot/futures trading. It also references web3 wallet binding/OAuth for Gate-Dex and includes fixed API keys/authorization headers in the MCP config. These are specific, finance-focused integrations (crypto exchange/wallet and trading APIs) that enable programmatic trading/wallet access — i.e., direct financial execution capability.

Issues (3)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 04:18 AM
Issues: 3