ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kalshi Agent

Kalshi prediction market agent - analyzes markets and executes trades via the Kalshi v2 API

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 1.2k · 2 current installs · 2 all-time installs
by@jthomasdevs
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims to wrap the kalshi-cli tool to trade on Kalshi, which fits the stated purpose. However, the manifest and SKILL.md disagree about required artifacts: SKILL.md and install.sh require an RSA private key at ~/.kalshi/private_key.pem (used for signing) but the registry metadata lists no required config paths. The skill also declares Python requirements (python3, pip, and a Python package 'cryptography') while installation and README center on an npm package (kalshi-cli). These mismatches are disproportionate and unexplained for the simple wrapper described.
Instruction Scope
The runtime instructions and README focus on installing the kalshi-cli npm package, placing a private RSA key in ~/.kalshi/private_key.pem, and setting KALSHI_ACCESS_KEY. They do not instruct reading unrelated system files or exfiltrating data. The instructions are concrete and limited to the Kalshi CLI's configuration and usage.
Install Mechanism
Installation (install.sh and documentation) installs kalshi-cli via npm (npm install -g kalshi-cli), which is a standard registry install. No downloads from arbitrary URLs or extract steps are used. That is expected for a CLI wrapper, but the presence of python3/pip and a Python package declaration in SKILL.md is inconsistent with the npm-centric install and isn't backed by any install steps.
!
Credentials
The registry lists a single required env var (KALSHI_ACCESS_KEY), which is appropriate for Kalshi access keys — but SKILL.md and install.sh also require a private RSA key file (~/.kalshi/private_key.pem). That file path was NOT declared in the registry metadata. Additionally, SKILL.md declares a Python package dependency ('cryptography>=41.0.0') even though no Python code is included; these unexplained credential/file requirements increase risk and should be justified.
Persistence & Privilege
The skill does not request 'always: true' and will not be force-included. install.sh writes a ~/.kalshi/.env file only if one does not exist and prompts the user to place private keys in ~/.kalshi/private_key.pem; this is expected for a CLI configuring API keys. The skill does not modify other skills or system-wide configs beyond the user's home directory and a global npm install (which is normal for CLI tools).
What to consider before installing
Before installing, get clarification from the publisher about several mismatches: (1) why does SKILL.md/metadata list python3/pip and the Python 'cryptography' package when the tool is installed from npm? (2) The SKILL.md and install script expect an RSA private key at ~/.kalshi/private_key.pem but that config path is not listed in the registry metadata — confirm that this private key is required and understand how it's used. Verify the kalshi-cli package source (the README points to a GitHub repo) and inspect its code for how it stores/transmits your access key and private key. Only install if you trust the kalshi-cli package owner; ensure your RSA private key is generated/stored securely (use a dedicated key, not one used elsewhere) and avoid pasting secrets into untrusted scripts. If you need this skill but cannot verify the source, request a version with a clear, auditable install spec (including any Python deps) and an explicit declaration of required files/credentials.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.5.0
Download zip
kalshivk97des1m6ebhcc7asxbvdjt5hx80ra2ylatestvk970g2e63qb169cb3aayg9jdzn80xpkemarketvk97des1m6ebhcc7asxbvdjt5hx80ra2ymarketsvk97des1m6ebhcc7asxbvdjt5hx80ra2ypredicitionsvk97des1m6ebhcc7asxbvdjt5hx80ra2ytradingvk97des1m6ebhcc7asxbvdjt5hx80ra2y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎰 Clawdis
OSmacOS · Linux · Windows
Binspython3, pip
EnvKALSHI_ACCESS_KEY

SKILL.md

Kalshi Agent Skill

CLI tool for trading prediction markets on Kalshi.

Installation

npm install -g kalshi-cli

Configuration

  1. Get API credentials at: https://kalshi.com/api
  2. Place your RSA private key at ~/.kalshi/private_key.pem
  3. Set your access key in ~/.kalshi/.env:
KALSHI_ACCESS_KEY=your_access_key_id

Or run kalshi setup-shell to add it to your shell config.

Commands

Browse & Research

# List open markets (default 20)
kalshi markets
kalshi markets -l 50
kalshi markets --status settled

# Search by keyword, ticker, or category
kalshi search "Super Bowl"
kalshi search soccer
kalshi search hockey
kalshi search KXWO-GOLD-26

# Search with filters
kalshi search politics --min-odds 5     # hide markets where either side < 5%
kalshi search soccer --expiring          # sort by soonest expiry, show expiry column
kalshi search soccer -e -m 2 -l 20      # combine flags: expiring, 2% min-odds, 20 results

# Browse all active series (interactive — pick a number to drill down)
kalshi series
kalshi series soccer
kalshi series --all                      # include series with no active markets
kalshi series -e                         # sort by soonest expiry

# View single market detail
kalshi detail KXWO-GOLD-26-NOR

# View orderbook depth
kalshi orderbook KXWO-GOLD-26-NOR

Search Behavior

Search uses a multi-strategy approach:

  1. Direct ticker lookup — tries the query as a market ticker, event ticker (KX prefix), or series ticker
  2. Series matching — dynamically searches all Kalshi series by title, category, and tags (e.g. "soccer" matches series tagged "Soccer")
    • If many series match, shows an interactive numbered list — enter a number to drill into that series' markets
    • If few series match, fetches and displays markets directly
  3. Market title search — falls back to searching open market titles/tickers

Common sport/category aliases are expanded automatically (e.g. "nfl" also searches "football").

Interactive Series Lists

Both kalshi search and kalshi series display numbered tables when listing series. After the table, you're prompted:

Enter # to drill down (or q to quit):

Pick a number to load that series' open markets inline. The prompt loops so you can explore multiple series without re-running the command.

Portfolio

# Check balance
kalshi balance

# View positions
kalshi positions

# View open orders
kalshi orders

Trading

# Buy 10 YES contracts at 68c each
kalshi buy KXSB-26 10 68

# Buy NO contracts
kalshi buy KXWO-GOLD-26-NOR 5 32 --side no

# Sell (same syntax)
kalshi sell KXWO-GOLD-26-NOR 5 40 --side no

# Skip confirmation prompt
kalshi buy KXSB-26 10 68 --force

# Cancel an open order
kalshi cancel <order-id>

Notes

  • Prices are in cents (68 = $0.68 = 68% implied probability)
  • Prices display as both dollars and percentages (e.g. $0.68 (68%))
  • --side defaults to yes if not specified
  • buy and sell show a cost/proceeds summary and ask for confirmation (bypass with --force)
  • --min-odds / -m filters out markets where either side's bid is below a percentage threshold (default 0.5%)
  • --expiring / -e sorts results by soonest expiry, adds an "Expires" column, and excludes already-expired entries
  • Expiry times are human-readable: "8h 35m", "Fri 04:00PM", "Apr 01", "Jan 01, 2027"
  • Event tickers start with KX (e.g. KXWO-GOLD-26); market tickers have more segments (e.g. KXWO-GOLD-26-NOR)
  • Market tables show outcome names (e.g. "Norway" instead of raw tickers) when available

API Reference

Full API docs: https://docs.kalshi.com/api-reference/

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…