gate-mcp-openclawinstaller

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill configures and calls public Gate MCP endpoints (e.g., https://api.gatemcp.ai/mcp/news and https://api.gatemcp.ai/mcp/info) — shown in SKILL.md and scripts/install.sh — and explicitly uses commands like "mcporter call gate-news.list_news" that cause the agent to fetch and interpret untrusted public news/market data which could materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The installer registers a stdio server that uses the command "npx -y gate-mcp", which will fetch and execute remote package code from the npm registry (e.g. https://registry.npmjs.org/) at runtime, so this is a runtime external dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for cryptocurrency exchange operations. It installs Gate.com MCP servers that expose trading and wallet endpoints (e.g., gate for spot/futures/options trading and gate-wallet for wallet operations). The README shows example commands for trading and listing balances, and the API key setup explicitly lists permissions including "Trade" and "Withdraw". Those are specific, actionable financial APIs (market orders, wallet/withdraw operations), not generic tooling. Therefore it grants direct financial execution capability.