gate-dex-wallet-cli

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.75). The URL is a direct download of a Linux executable from a GitHub release (curl + chmod), which can be safe if from a verified, well-known project but is inherently risky when the repository/maintainer and release artifacts are not independently verified (no checksum/signature shown) — direct binaries can be used to distribute malware.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet CLI with built-in signing and broadcasting of on-chain transactions. It provides specific commands to transfer/send tokens (EVM + Solana), sign raw transactions/messages, and perform one-shot swaps that preview → checkin → sign → broadcast. Those are direct financial execution capabilities (moving funds, swapping tokens, signing/broadcasting transactions). This meets the "Direct Financial Execution" criteria (crypto/wallet operations, transaction send/broadcast, signing).

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill includes explicit installation commands that write a binary into /usr/local/bin and change file permissions (chmod), which are system-level modifications that typically require elevated privileges and thus encourage changing the machine's state.