Kalshi Crypto Cycle Model Trader

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed dry-run-by-default trading skill, but live mode requires high-value trading and wallet credentials.

Install only if you are comfortable with an automated trading skill and its third-party SDK. Keep it in dry-run first, use a dedicated low-balance wallet/API setup for live mode, review simmer-sdk before providing SOLANA_PRIVATE_KEY, and do not expose a primary wallet private key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares access to environment-backed credentials and explicitly requests high-value secrets, but the metadata does not clearly declare permissions in a structured way. In a trading skill, undeclared secret access is security-relevant because operators may expose API keys and private keys without an accurate permission summary, increasing the chance of over-trusting the package.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The skill metadata says only SIMMER_API_KEY is required, while the body later requests a SOLANA_PRIVATE_KEY, which is a much more sensitive credential. In the context of a live trading skill, inconsistent credential disclosure is dangerous because users may provide a private key they did not expect to be needed, or automation may be configured with broader secret exposure than intended.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest requests SOLANA_PRIVATE_KEY even though the skill description and declared dependency scope only reference Kalshi/BTC trading via simmer-sdk. An unrelated blockchain private key is a highly sensitive credential, and requesting it without a clear functional need strongly suggests credential overreach or a pathway for secret theft if the entrypoint accesses environment variables.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Requesting a Solana private key is context-inappropriate for a Kalshi market trader and materially increases risk because private keys enable irreversible asset transfer, not just API access. In this skill context, the mismatch makes the request more dangerous, since users may provide a wallet secret to a component that has no legitimate stated reason to possess it.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The manifest enables automated trading while requiring a private key, but provides no warning, consent language, or disclosure about how that credential will be used. Even if not overtly malicious, collecting a private key for an automated agent without explicit explanation creates substantial risk of accidental secret exposure, unauthorized signing, or user misunderstanding.

VirusTotal

VirusTotal findings are pending for this skill version.
