Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kalshi Trader

v1.0.0

Automated Kalshi prediction market trading bot. Sets up a fully automated trading system that scans markets every 15 minutes, researches opportunities using...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description promise a fully automated Kalshi trading bot that researches, places trades, monitors positions, and sends Telegram summaries. The code (scripts/kalshi_bot.py) supports authenticated API calls and has helper functions to place orders and log trades, which is consistent with a trading tool, but the main CLI only scans markets, prints candidates, and provides a summary — it does not perform automatic research, autonomous trade placement, position monitoring, or Telegram notifications as claimed. Storing an RSA private key and key id is appropriate for signing Kalshi requests, so those credential requirements are proportionate to a trading bot, but the overall capability is overstated compared to the implementation.
Instruction Scope
SKILL.md instructs installation, creating ~/.kalshi private key files, setting up cron jobs that run every 15 minutes and daily summaries, and directs the agent to use web_fetch/web_search for research. The instructions also describe strict entry/exit rules and research workflows not enforced by the code. The cron prompt and docs reference automated behavior and notification-only-on-trade semantics, but the shipped script will not autonomously execute trades or send Telegram messages. Also, references/api.md shows reading keys from /root/.kalshi while the code uses the user's home (~/.kalshi) — a path inconsistency. The install step suggests using pip with --break-system-packages which is an unusual flag to include in a generic README and may confuse less experienced users.
Install Mechanism
There is no packaged install spec; SKILL.md instructs the user to run pip install cryptography requests. That is reasonable for a Python script, but the explicit use of the pip flag --break-system-packages is atypical and should be reconsidered or explained. Because this is instruction-only with a small script, there is no archive download or opaque install URL — lower installation risk overall.
Credentials
The skill does not request environment variables or unrelated credentials. It explicitly asks the user to store an RSA private key and a key id in ~/.kalshi which matches the Kalshi API auth mechanism shown in references/api.md. The only proportionality concern is the inconsistent example path in references/api.md (/root/.kalshi) versus the script and SKILL.md (~/.kalshi). The skill writes a local log (~/kalshi_trades.json) which is expected for trading history but may contain sensitive trade data.
Persistence & Privilege
always is false; the skill does not request elevated or persistent platform-wide privileges. It only reads ~/.kalshi files and writes a local log file. It does not modify other skills or system-wide configurations. Autonomous invocation (disable-model-invocation=false) is normal but not combined with other high-risk flags.
What to consider before installing
This package contains a plausible Kalshi client and sensible trading rules, but it does NOT implement the full automated behavior described in the docs (no auto-research, no automatic order execution loop, no Telegram reporting). Before installing or running:
1) Treat the RSA private key you create as highly sensitive — store it with strict permissions and do not run the bot as root.
2) Inspect the script yourself (it’s small) and test with the 'test' command to confirm API connectivity.
3) If you expect fully automated trading or Telegram notifications, implement and review those features first — the current code will only scan and print candidates.
4) Fix the path inconsistency (/root/.kalshi vs ~/.kalshi) in docs to avoid misplacing keys.
5) Remove or explain the pip --break-system-packages flag if you are not using a constrained environment.
6) Run initial scans in a limited/test account or sandbox and monitor activity (cron jobs should be configured only after you trust the behavior).
If you want, ask for a follow-up review after the author supplies a version that actually performs autonomous trading and reporting so I can re-evaluate.

Like a lobster shell, security has layers — review code before you run it.
