Kalshi Crypto Correlation Trader

Security checks across malware telemetry and agentic risk

Overview

This is a real trading skill with disclosed dry-run defaults, but it needs Review because live mode uses sensitive wallet/trading credentials and can make financial trades with some under-scoped behavior.

Install only if you are comfortable reviewing a live trading bot. Use a dedicated low-balance wallet and limited Simmer/Kalshi credentials, run dry mode first, verify simmer-sdk and any tradejournal integration, and do not schedule or invoke --live until the credential disclosure and position-exit scope are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding:
The documentation says both SIMMER_API_KEY and SOLANA_PRIVATE_KEY are required, while the manifest metadata only declares SIMMER_API_KEY. Credential requirement inconsistencies are security-relevant because they can mislead users, bypass review gates tied to manifest-declared secrets, and cause operators to expose a sensitive private key unexpectedly.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
The manifest requests a SOLANA_PRIVATE_KEY even though the skill is described as a BTC/ETH correlation trader using Simmer-style market trading, and no justification is visible in this file. Unnecessary private-key access materially expands the blast radius: if the skill, dependency, or downstream execution path is compromised, a blockchain wallet could be drained or abused for unauthorized signing.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
Declaring a private key as a required capability without an evident business need is a sensitive-capability abuse pattern. In this context, the mismatch between stated purpose and requested secret makes the skill more dangerous because users may supply a high-value wallet key to software that appears to only need an API key for market trading.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The header and usage text understate the prerequisites and risk of live operation by implying a simple API-key requirement while the script can place real trades when `--live` is supplied and also relies on a private signing key. This kind of capability mismatch can mislead operators or automation into enabling the skill without understanding that it performs financially consequential actions.

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding:
The skill description frames behavior as trading ETH markets from BTC signals, but the implementation also performs autonomous market discovery and imports external Kalshi markets into Simmer. That expands the operational scope beyond what a user may reasonably expect, increasing the chance of unintended data ingestion, broader market exposure, or automated actions in environments that assumed read-only or pre-approved markets.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The manifest asks for a private key but provides no user-facing warning, rationale, or risk disclosure in the metadata shown here. This increases the chance that users will provide a sensitive credential without understanding the consequences, enabling silent misuse or severe loss if the skill behaves unexpectedly or is later modified.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
When run with `--live`, the script can submit real buy orders automatically once thresholds are met, without a final interactive confirmation at execution time. In an agent or automation context, this increases the chance of accidental financial loss from misconfiguration, stale assumptions, or unattended invocation, because a single flag flips the program from analysis to trading.

VirusTotal

VirusTotal findings are pending for this skill version.
