Skills
skills/gate/gate-skills/gate-mcp-cursor-installer/Gen Agent Trust Hub

gate-mcp-cursor-installer

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a bash script (scripts/install.sh) to automate the configuration of the Cursor editor environment. It creates local directories and modifies the mcp.json file to register MCP servers.
  • [EXTERNAL_DOWNLOADS]: The installer fetches the gate-skills repository from the vendor's GitHub organization (github.com/gate/gate-skills) and utilizes npx to execute the gate-mcp package from the NPM registry. These resources are consistent with the skill's stated purpose and author context.
  • [REMOTE_CODE_EXECUTION]: The script employs a local Node.js process (node -e) to merge JSON configuration fragments into the user's existing mcp.json file. This dynamic execution is restricted to data processing and configuration management.
  • [CREDENTIALS_UNSAFE]: The installer prompts the user to manually enter their Gate API Key and Secret for spot/futures trading. This sensitive information is stored locally within the Cursor configuration file to enable the MCP server's functionality and is not transmitted to unauthorized third parties.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 05:01 AM