gate-exchange-bot

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's setup.sh actively fetches and installs a remote executable at runtime (it queries https://api.github.com/repos/gate/gate-cli/releases/latest and downloads from https://github.com/gate/gate-cli/releases/download/${VERSION}/${ARCHIVE}), which pulls and executes remote code (gate-cli) that the skill requires.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides write-capable CLI commands for creating and managing trading bots on a crypto exchange (e.g., spot-grid, margin-grid, futures-grid, spot-martingale, contract-martingale create, and portfolio stop). It requires exchange API credentials (GATE_API_KEY / GATE_API_SECRET) and Bot:Write permissions. These are specific, purpose-built financial operations on an exchange (crypto trading/strategy execution), not generic tooling, and therefore constitute direct financial execution capability.