gate-exchange-crossex
Warn
Audited by Snyk on Apr 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires reading and following the shared runtime rules and performing an auto-update check at runtime from https://github.com/gate/gate-skills/blob/master/skills/gate-runtime-rules.md (and the repo https://github.com/gate/gate-skills), so remote GitHub content would be fetched at runtime and could change the agent's prompts/instructions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for trading and fund movement across crypto exchanges via the gate-cli. It lists authenticated, write-capable commands such as
order create,order cancel,transfer create,convert create,position set-leverageand other execution operations, and requires API keys for authenticated calls. These are specific financial execution tools (market orders, cross-exchange transfers, flash converts) intended to move or change user funds/positions, so it grants Direct Financial Execution authority.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata