ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

kalshi api

v1.0.0

Read-only Kalshi API skill for market discovery, liquidity checks, and market validation. Use for scanning and ranking Kalshi opportunities. Pair with a sepa...

1· 216·0 current·0 all-time
byBen@brs999
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (read-only market discovery, liquidity checks, validation) match the included Node script and test files. The script only issues GET requests to Kalshi OpenAPI endpoints and prints JSON; required binary 'node' is appropriate and proportional.
Instruction Scope
SKILL.md restricts usage to read endpoints and documents the exact CLI commands to run. The only scope caveat is an optional KALSHI_BASE_URL environment override (documented) which can redirect requests to a different HTTP endpoint for testing — this is expected for dev/testing but could be misused if pointed at an untrusted server.
Install Mechanism
No install spec; skill is instruction + small included scripts. No remote downloads or package installs are requested, minimizing install-time risk.
Credentials
No required environment variables or credentials. The single optional env var KALSHI_BASE_URL is documented and reasonable for testing; there are no hidden env accesses in the code.
Persistence & Privilege
Skill is not always-enabled and declares disable-model-invocation: true, so it cannot be autonomously invoked by the model. It does not modify other skills or system settings.
Assessment
This skill appears to do only read-only Kalshi API queries and is consistent with its description. Before installing, ensure you have a trusted Node runtime and network policy in place. Be cautious about setting KALSHI_BASE_URL to arbitrary URLs (only point it to trusted Kalshi or test endpoints), and review the small included script if you want extra assurance. Because disable-model-invocation is true, the skill cannot be invoked autonomously by the model — you'll need to call it explicitly.
tests/kalshi-api.test.mjs:11
Shell command execution detected (child_process).
scripts/kalshi-api.mjs:8
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk978jgcpycrj41gwyrt3kknp8h82rnye

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Binsnode

Comments