Skills
skills/gate/gate-skills/gate-mcp-cursor-installer/Gen Agent Trust Hub

gate-mcp-cursor-installer

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a bash installer script (scripts/install.sh) to automate environment setup. This script performs file system operations, such as creating the .cursor/skills directory and merging JSON fragments into the mcp.json configuration file using a Node.js utility.
  • [EXTERNAL_DOWNLOADS]: During installation, the script clones the vendor's official repository from https://github.com/gate/gate-skills.git to populate the local skills directory. This is a documented step to provide the agent with additional capabilities.
  • [REMOTE_CODE_EXECUTION]: The installer configures the IDE to launch the Gate MCP server using npx -y gate-mcp. This command dynamically fetches the latest version of the gate-mcp package from the npm registry and executes it, which is the intended method for running the local CEX server.
  • [CREDENTIALS_UNSAFE]: The configuration fragment for the Gate-Dex service (scripts/mcp-fragments/cursor/gate-dex.json) contains a hardcoded API key (MCP_AK_8W2N7Q). Based on the installer context, this appears to be a shared access key for the public DEX endpoint rather than a sensitive private credential.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 12:22 AM