gate-mcp-cursor-installer

Best assessment: This snippet is not evidence of malware by itself—it’s a network-auth configuration. However, it hardcodes an API key (`MCP_AK_8W2N7Q`) directly in the distributed configuration, which is a significant supply-chain credential leakage risk. The bearer token is runtime-injected (`${GATE_MCP_TOKEN}`), which is safer, but outbound authenticated traffic to a third-party domain is inherently higher risk if any sensitive payload handling occurs elsewhere in the codebase.

SUSPICIOUS: The skill's core purpose matches installing Gate MCPs in Cursor, and the endpoints/install sources are same-org and mostly consistent. However, default installation of all Gate skills, mutable-branch cloning, unpinned installs, and a hardcoded DEX API key make the footprint broader and riskier than a simple MCP installer should be.

The fragment itself contains no overt malicious logic, but it creates a high-impact risk path: it executes an externally resolved CLI via npx and passes API credentials into that process environment. The fragment should be reviewed for (a) strict dependency/version pinning and integrity verification for "gate-mcp", and (b) secure secret handling to avoid credential leakage through logs/source control or the executed tool’s behavior.