gate-mcp-claude-installer

Warn

Audited by Socket on Apr 2, 2026

2 alerts found:

Anomaly x2

Anomaly (LOW)
scripts/mcp-fragments/claude/gate-main-npx.json

The fragment itself contains no overt malicious logic, but it creates a high-impact risk path: it executes an externally resolved CLI via npx and passes API credentials into that process environment. The fragment should be reviewed for (a) strict dependency/version pinning and integrity verification for "gate-mcp", and (b) secure secret handling to avoid credential leakage through logs/source control or the executed tool’s behavior.

Confidence: 60%, Severity: 62%

Anomaly (LOW)
SKILL.md

Overall this skill appears coherent with its stated installer purpose and not overtly malicious. The main risks are broad default scope, transitive installation of all Gate skills, and trust in same-org GitHub/script distribution plus remote gatemcp.ai service endpoints; this is better classified as suspicious-to-medium-risk installer behavior than malware.

Confidence: 82%, Severity: 58%

Audit Metadata

Analyzed At: Apr 2, 2026, 12:24 AM
Package URL: pkg:socket/skills-sh/gate%2Fgate-skills%2Fgate-mcp-claude-installer%2F@754a405035ca80c4995a5064a1f4aeefeb93e6bd