gate-cli-installer

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The setup.sh installer fetches and installs a remote binary at runtime (it queries https://api.github.com/repos/gate/gate-cli/releases/latest and downloads from https://github.com/gate/gate-cli/releases/download/${VERSION}/${ARCHIVE} via curl), which results in executing remote code provided by those URLs.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly installs and configures "gate-cli" and associated "gate-skills" which are described as a CLI for CEX (centralized exchange) and DEX/wallet flows. The prompt instructs how to set API keys/secrets (gate-cli config init, config set api-key / api-secret), references Gate API key management, and refers to "tx check-in" / wallet/DEX flows backed by gate-cli. This is a specific toolchain intended to interact with a crypto exchange and wallets (i.e., to sign/send transactions and perform exchange operations), not a generic utility—therefore it enables direct financial execution.