gate-mcp-installer
Audited by Socket on Apr 25, 2026
7 alerts found:
Anomaly x6, Security
This fragment itself contains no explicit malicious logic, but it creates a high-risk execution context: it runs an npm package dynamically via `npx -y` and supplies extremely sensitive wallet/private key material directly to that dependency. The primary concerns are supply-chain integrity (unpinning/identity of the executed package) and secret exposure impact if the dependency is compromised or misbehaves. Review and harden package provenance/version pinning and ensure secrets are handled via secure, minimal-privilege mechanisms rather than embedded config.
This fragment itself contains no explicit malicious logic, but it creates a high-risk execution context: it runs an npm package dynamically via `npx -y` and supplies extremely sensitive wallet/private key material directly to that dependency. The primary concerns are supply-chain integrity (unpinning/identity of the executed package) and secret exposure impact if the dependency is compromised or misbehaves. Review and harden package provenance/version pinning and ensure secrets are handled via secure, minimal-privilege mechanisms rather than embedded config.
Best assessment: This snippet is not evidence of malware by itself—it’s a network-auth configuration. However, it hardcodes an API key (`MCP_AK_8W2N7Q`) directly in the distributed configuration, which is a significant supply-chain credential leakage risk. The bearer token is runtime-injected (`${GATE_MCP_TOKEN}`), which is safer, but outbound authenticated traffic to a third-party domain is inherently higher risk if any sensitive payload handling occurs elsewhere in the codebase.
The fragment itself contains no overt malicious logic, but it creates a high-impact risk path: it executes an externally resolved CLI via npx and passes API credentials into that process environment. The fragment should be reviewed for (a) strict dependency/version pinning and integrity verification for "gate-mcp", and (b) secure secret handling to avoid credential leakage through logs/source control or the executed tool’s behavior.
The fragment itself contains no overt malicious logic, but it creates a high-impact risk path: it executes an externally resolved CLI via npx and passes API credentials into that process environment. The fragment should be reviewed for (a) strict dependency/version pinning and integrity verification for "gate-mcp", and (b) secure secret handling to avoid credential leakage through logs/source control or the executed tool’s behavior.
Best assessment: the snippet is not evidence of overt malware, but it is a high-impact security hygiene issue because it hardcodes API credentials in configuration and passes them into an external process via environment variables. Ensure real secrets are not committed, use secret managers/CI variables, and verify the `gate-mcp` binary provenance and logging behavior. Review rotatability of any potentially exposed credentials.
SUSPICIOUS: the skill's broad trading/payment installer purpose mostly matches its capabilities, but it defaults to installing many MCP surfaces plus all gate-skills, forwards highly sensitive credentials, and includes a third-party merchant-discovery endpoint outside the Gate domain. The footprint is high-risk and broader than a minimal installer, though not clearly malicious from the provided content.