gate-mcp-cursor-installer

Fail

Audited by Snyk on Mar 14, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt embeds a fixed API key literal (MCP_AK_8W2N7Q) into the config and instructs writing Authorization/Bearer API keys (and prompting users to create/set API_KEY/SECRET), which forces the assistant to include secret values verbatim in generated configs/commands.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The URLs point to GitHub repositories and gate.com/api endpoints that look plausible but the skill instructs running remote install scripts and an npx package (executing unreviewed code) and embeds fixed API credentials, so while not obviously malicious they present a significant risk unless the repos and npm package are verified first.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill's installer explicitly clones and installs all skills from the public GitHub repo https://github.com/gate/gate-skills (see SKILL.md/README and scripts/install.sh), causing the agent to ingest and load untrusted third-party code that can influence runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The installer script performs a runtime git clone of https://github.com/gate/gate-skills.git (and writes a config that may launch npx -y gate-mcp / https://github.com/gate/gate-mcp), which fetches external code at install/runtime that will be installed as Cursor "skills" (controlling agent prompts/behavior) and can execute remote code via npx—so this is a required, runtime-fetched dependency that directly controls agent behavior.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The document contains a literal, hardcoded API key value: "MCP_AK_8W2N7Q". It is described as a fixed x-api-key for the Gate-Dex endpoint and explicitly written into mcp.json, which makes it a directly present, potentially usable credential (not an obvious placeholder or low-entropy setup password).

Ignored items:

  • GATE_MCP_TOKEN, GATE_API_KEY, GATE_API_SECRET are referenced as environment variables/placeholders and are not actual secret values in the text.
  • Other strings (e.g., command strings, URLs, or example instructions) are documentation/configuration and not high-entropy credentials.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly installs Gate exchange MCPs (including Gate-Dex) and documents configuration for API keys and wallet authorization for trading. It instructs users to create GATE_API_KEY and GATE_API_SECRET for spot/futures trading and to bind a wallet for Gate-Dex OAuth. The installer writes Dex endpoints and auth headers (fixed x-api-key and Authorization/Bearer token) into the runtime config. These are specific crypto/trading integrations (wallets, exchange API keys, trading endpoints), not generic tooling, so it enables direct financial/crypto execution capabilities.

Issues (6)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 14, 2026, 05:01 AM
Issues: 6