Skill v1.0.0
ClawScan security
kalshi api · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 6:12 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is a simple, read‑only Kalshi API reader whose requirements and instructions match its description — no unexplained credential or install demands were found.
- Guidance: This skill appears to do only read-only Kalshi API queries and is consistent with its description. Before installing, ensure you have a trusted Node runtime and network policy in place. Be cautious about setting KALSHI_BASE_URL to arbitrary URLs (only point it to trusted Kalshi or test endpoints), and review the small included script if you want extra assurance. Because disable-model-invocation is true, the skill cannot be invoked autonomously by the model — you'll need to call it explicitly.
Review Dimensions
- Purpose & Capability (ok): Name/description (read-only market discovery, liquidity checks, validation) match the included Node script and test files. The script only issues GET requests to Kalshi OpenAPI endpoints and prints JSON; required binary 'node' is appropriate and proportional.
- Instruction Scope (note): SKILL.md restricts usage to read endpoints and documents the exact CLI commands to run. The only scope caveat is an optional KALSHI_BASE_URL environment override (documented) which can redirect requests to a different HTTP endpoint for testing — this is expected for dev/testing but could be misused if pointed at an untrusted server.
- Install Mechanism (ok): No install spec; skill is instruction + small included scripts. No remote downloads or package installs are requested, minimizing install-time risk.
- Credentials (ok): No required environment variables or credentials. The single optional env var KALSHI_BASE_URL is documented and reasonable for testing; there are no hidden env accesses in the code.
- Persistence & Privilege (ok): Skill is not always-enabled and declares disable-model-invocation: true, so it cannot be autonomously invoked by the model. It does not modify other skills or system settings.
