Kalshi Paper Trading
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a purpose-aligned local Kalshi paper-trading ledger that writes a local database and fetches market quotes, with no artifact evidence of real trading, credential theft, or data exfiltration.
This skill looks reasonable for local Kalshi paper trading. Before installing, be comfortable with it creating a persistent database under ~/.openclaw and making live quote requests to Kalshi; avoid setting KALSHI_BASE_URL to an untrusted service.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misconfigured, quote-sync commands could contact a non-Kalshi endpoint, though the provided code only shows market ticker requests and no credential transmission.
The live market sync endpoint can be overridden by environment variable or CLI option before the script performs a GET request.
process.env.KALSHI_BASE_URL ?? "https://api.elections.kalshi.com/trade-api/v2"
Use the default Kalshi endpoint unless you intentionally need a trusted test or proxy endpoint.
Running the tests will execute the local CLI, which is normal for CLI test coverage but still runs code on the user’s machine.
The static execution finding is test harness code that spawns Node to run the included CLI.
import { spawn, spawnSync } from "node:child_process";Run tests only from a trusted checkout and review CLI arguments before executing commands manually.
Your paper-trading history and market marks can remain on disk across sessions and may reveal trading interests or strategy.
The skill stores paper account, execution, and market mark data persistently in a local SQLite database.
const DEFAULT_DB = `${homedir()}/.openclaw/kalshi-paper.db`;Treat the local database as private trading data; delete or relocate it if you do not want persistent paper-trading records.