gate-mcp-claude-installer
Audited by Socket on Mar 12, 2026
1 alert found:
Anomaly: The skill presents a coherent orchestration for installing Gate MCP and all gate-skills, but it exhibits several security concerns that keep it at a suspicious-to-moderate risk level. The most notable issues are: embedding a fixed API key for Gate-Dex in client-side config, potential unverified remote code execution during installation, and credential exposure risk through local config files. The overall footprint is proportionate to its stated purpose (one-click install) but the data flows and credential handling are not strictly constrained or verified, which warrants heightened scrutiny and mitigations (use of signed releases, per-session keys, explicit integrity checks, and minimized local credential exposure). Therefore, classification leans toward SUSPICIOUS with notable securityRisk and moderate malware risk until mitigations are clearly demonstrated.