Kalshi Crypto Volatility Skew Trader

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real trading skill, but it needs careful review because live use involves a Solana private key and real-money automated trades that are not fully reflected in the top-level description.

Install only if you intend to run a financial trading bot. Start in dry-run mode, review trader.py and the simmer-sdk dependency, use a dedicated low-balance Solana wallet and scoped API key, keep trade limits low, and do not enable --live or scheduling until you accept the real-money risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding
The skill documentation declares required environment variables and credential use, but the metadata does not explicitly declare permissions/capabilities for accessing secrets. In an agent platform, undeclared env access reduces transparency and can cause operators to expose high-value credentials without clear permission scoping or review, especially because the skill handles live trading keys.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The skill description says it requires only SIMMER_API_KEY and simmer-sdk, but the body later requires SOLANA_PRIVATE_KEY for live trading and describes additional operational behaviors such as market discovery and orchestration reporting. This mismatch is dangerous because users may trust the short description when deciding whether to install or provide secrets, leading to unintended exposure of a private key and underestimating the skill's operational reach.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The manifest requests SOLANA_PRIVATE_KEY even though the skill is described as a Kalshi BTC volatility-skew trader that only needs SIMMER_API_KEY and simmer-sdk. Requesting an unrelated blockchain private key is a strong sign of over-privileged secret collection, and if the skill or its dependencies access that key it could enable unauthorized wallet transactions or theft.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
A Solana wallet private key is context-inappropriate for a Kalshi volatility-skew strategy, making this credential request highly suspicious. In trading automation context, collecting an unnecessary private key materially increases the chance of credential exfiltration or direct on-chain asset theft, which is far more dangerous than ordinary API overreach.

Vague Triggers

Medium
Confidence: 82%
Finding
The manifest enables a managed automated trading entrypoint without visible trigger scope, guardrails, or invocation constraints. In an asset-moving skill, vague automation boundaries increase the risk of unintended or repeated order placement, especially if paired with sensitive credentials and no clear user-approved execution limits.

Missing User Warnings

High
Confidence: 96%
Finding
The manifest combines automated trading with access to a private key but gives no visible warning about sensitive secret handling or the possibility of asset-impacting behavior. In this context, the absence of disclosure and consent mechanisms makes accidental over-trust more likely and magnifies harm if the skill is unsafe or compromised.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
