Skills
skills/gate/gate-skills/gate-mcp-cursorinstaller/Snyk

gate-mcp-cursorinstaller

Fail

Audited by Snyk on Mar 11, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt embeds a fixed API key ("MCP_AK_8W2N7Q") and instructs writing it verbatim into the mcp.json/config and install scripts, requiring the LLM to handle and emit the secret directly.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The bundle includes executing code from an unverified npm package via "npx -y gate-mcp", running install scripts pulled from GitHub repos of an unfamiliar "gate" account, and contacting a non-standard api.gatemcp.ai domain with a hard-coded API key — all of which allow arbitrary code execution or credential misuse and are therefore suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The install script (scripts/install.sh) and SKILL.md explicitly clone and install the public GitHub repository https://github.com/gate/gate-skills (copying its skills into ~/.cursor/skills) which imports untrusted, third‑party user-generated code that the agent will load and could change subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The install script explicitly clones and installs remote skills from https://github.com/gate/gate-skills.git at runtime, which pulls in external code that will be loaded/executed by the agent and can directly control prompts/behavior.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The doc explicitly hardcodes an x-api-key value for the Wallet MCP: "MCP_AK_8W2N7Q". This is presented as a fixed API key that will be written into ~/.cursor/mcp.json, and it is not a placeholder like YOUR_API_KEY nor a trivial setup password. The string is not obviously low-entropy or clearly labeled as an example, so it qualifies as a hardcoded credential.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly configures and installs a "Gate-Wallet" MCP with a concrete API endpoint (https://api.gatemcp.ai/mcp/wallet) and a fixed x-api-key (MCP_AK_8W2N7Q). This is a specific crypto/wallet integration (explicitly a wallet MCP), not a generic installer or generic HTTP caller. Because it provides a direct, named wallet API endpoint and credentials in its configuration, it enables direct financial/crypto operations once installed and thus meets the criteria for Direct Financial Execution.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 11, 2026, 07:51 AM