Skills
skills/gate/gate-skills/gate-mcp-cursorinstaller/Gen Agent Trust Hub

gate-mcp-cursorinstaller

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a shell script (scripts/install.sh) to manage Cursor configuration files and install skills. It uses node -e to programmatically merge JSON configuration data into the user's mcp.json file.
  • [EXTERNAL_DOWNLOADS]: The installer fetches the gate-mcp package from the NPM registry via npx and clones the gate-skills repository from the vendor's GitHub organization. These resources are consistent with the identified vendor infrastructure.
  • [CREDENTIALS_UNSAFE]: A hardcoded API key (MCP_AK_8W2N7Q) is present in the script and documentation. This is described as a built-in credential specifically for the Gate-Wallet MCP service provided by the vendor.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 07:51 AM