Skill v1.0.1
ClawScan security
Kalshi Econ Revision Drift Trader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Apr 4, 2026, 9:35 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill generally matches its stated trading purpose, but its declarations of required credentials contradict each other, it reads a sensitive environment value (a Solana private key), and it reads undeclared environment variables. All three deserve attention before installing.
- Guidance: This skill appears to implement the described CPI revision-drift trading strategy, but there are a few inconsistencies and sensitive requests you should confirm before installing:
  - Metadata mismatch: the registry summary at the top lists no required env vars, but clawhub.json and the Installation section require SIMMER_API_KEY and SOLANA_PRIVATE_KEY. Verify which credentials are actually required.
  - High-value secrets: SOLANA_PRIVATE_KEY is a blockchain private key. Provide it only if you fully trust the simmer-sdk implementation and understand how the key is used, stored, and protected; ideally use a least-privilege key, or a signing service or hardware wallet if supported.
  - Audit simmer-sdk: the package is installed from PyPI. Review its code, and the network endpoints it calls, before giving it live trading credentials. SKILL.md itself recommends this.
  - Undeclared env hooks: trader.py reads AUTOMATON_MAX_BET and may read other env vars. Ask the author for a full list of environment variables and their effects to avoid surprise behavior.
  - Trade journal integration: the script will attempt to import 'tradejournal' or 'skills.tradejournal' if available. If that package exists in your environment, check where it sends logs.
  - To proceed safely: run the skill in dry-run mode (the default) without providing SOLANA_PRIVATE_KEY and inspect its behavior; review the network calls simmer-sdk makes; and use a restricted or test account, or an ephemeral key, for live runs.
Review Dimensions
- Purpose & Capability
  - note: The skill's name and description (trading Kalshi CPI bin markets using a CPI revision bias) align with the included code and its use of simmer-sdk. Requiring SIMMER_API_KEY is expected. Requiring SOLANA_PRIVATE_KEY for live execution is plausible given SKILL.md's note about 'Kalshi via DFlow/Solana', but Kalshi is not natively a Solana-based exchange, so this architecture should be confirmed (the skill appears to rely on Simmer/DFlow to route and settle trades on Solana). Also, the registry metadata at the top says 'required env vars: none' while clawhub.json and SKILL.md require credentials; this mismatch is worth confirming.
- Instruction Scope
  - concern: SKILL.md and trader.py focus on market discovery, probability calculations, and trade plumbing. However, SKILL.md contradicts itself: its header lists only SIMMER_API_KEY, while its Installation & Setup section and clawhub.json require both SIMMER_API_KEY and SOLANA_PRIVATE_KEY. The code also reads environment variables that are not declared in the manifest (e.g., AUTOMATON_MAX_BET). The script optionally imports a 'tradejournal' integration (or skills.tradejournal) which, if present, may log trade data externally; review that integration. No instructions direct data to unknown external endpoints beyond simmer-sdk usage, but confirm what simmer-sdk transmits.
- Install Mechanism
  - ok: This is an instruction-only skill with a Python file; it requires the simmer-sdk package from PyPI (declared in clawhub.json), which is a standard registry install path. There is no arbitrary download URL or archive extraction during install. As SKILL.md itself suggests, review the simmer-sdk source before supplying live credentials.
- Credentials
  - concern: The skill requires two high-value secrets: SIMMER_API_KEY (expected) and SOLANA_PRIVATE_KEY (sensitive). Asking for a blockchain private key is proportionate for a live trading agent that funds and settles via Solana, but it is high-risk and should be provided only after auditing simmer-sdk and understanding where and how the key is used and stored. The code also reads at least one undeclared environment variable (AUTOMATON_MAX_BET) that changes its behavior; undeclared env hooks are a vector for unexpected control. No other unrelated credentials are requested.
- Persistence & Privilege
  - ok: The skill does not request 'always: true', and clawhub.json sets autostart: false. The automaton is 'managed' with an entrypoint, which is normal for a trading skill. Nothing indicates it modifies other skills' configs or demands permanent platform-wide privileges.
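The Guidance and Credentials items above both come down to one check a reviewer can do before trusting the author's list: which environment variables the code actually reads versus which the manifest declares, plus which URL literals and modules the script touches. The script below, an added example that is neither ClawHub's scanner nor the skill's own code, performs that comparison statically with Python's `ast` module. Two assumptions are labelled in the code: the clawhub.json schema is assumed to carry a top-level "env" list of names (the real schema is not shown on this page), and the embedded trader.py and manifest are constructed samples, not the real files.

```python
"""Static check of a skill's Python source against its declared env vars.

Added example, not ClawHub's scanner or the skill's own code.
Assumptions (labelled because the page does not show them):
- The manifest is a JSON object with a top-level "env" list of variable
  names; the real clawhub.json schema may differ, so adapt `declared_env`.
- Only the common stdlib read patterns are recognised:
  os.environ["X"], os.environ.get("X", ...), os.getenv("X", ...).
  Reads through a computed name or a settings library are not caught,
  so treat a clean result as necessary, not sufficient.
"""
import ast
import json

# Constructed sample standing in for trader.py (not the real file).
SAMPLE_SOURCE = '''
import os
import requests

API_KEY = os.environ["SIMMER_API_KEY"]
PRIVATE_KEY = os.getenv("SOLANA_PRIVATE_KEY")
MAX_BET = float(os.environ.get("AUTOMATON_MAX_BET", "25"))
DRY_RUN = os.getenv("DRY_RUN", "1") == "1"
ORDERS_URL = "https://api.example.invalid/v1/orders"

try:
    import tradejournal
except ImportError:
    tradejournal = None
'''

# Constructed sample standing in for clawhub.json (schema assumed).
SAMPLE_MANIFEST = json.dumps({"env": ["SIMMER_API_KEY", "SOLANA_PRIVATE_KEY"]})


def _is_attr(node, base, attr):
    """True if `node` is the expression `base.attr` (e.g. os.environ)."""
    return (isinstance(node, ast.Attribute) and node.attr == attr
            and isinstance(node.value, ast.Name) and node.value.id == base)


def _const_str(node):
    """Return the string if `node` is a string literal, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def _env_read(node):
    """Return the variable name if `node` reads an environment variable."""
    if isinstance(node, ast.Subscript) and _is_attr(node.value, "os", "environ"):
        return _const_str(node.slice)              # os.environ["X"] (Python 3.9+)
    if isinstance(node, ast.Call) and node.args:
        f = node.func
        if _is_attr(f, "os", "getenv"):            # os.getenv("X")
            return _const_str(node.args[0])
        if (isinstance(f, ast.Attribute) and f.attr == "get"
                and _is_attr(f.value, "os", "environ")):  # os.environ.get("X")
            return _const_str(node.args[0])
    return None


def scan_source(source):
    """Collect env var reads, http(s) URL literals and imported modules."""
    env, urls, imports = set(), set(), set()
    for node in ast.walk(ast.parse(source)):
        name = _env_read(node)
        if name:
            env.add(name)
        s = _const_str(node)
        if s and s.startswith(("http://", "https://")):
            urls.add(s)
        if isinstance(node, ast.Import):
            imports.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imports.add(node.module.split(".")[0])
    return {"env": sorted(env), "urls": sorted(urls), "imports": sorted(imports)}


def declared_env(manifest_json):
    """Env var names the manifest declares (assumed top-level "env" list)."""
    return set(json.loads(manifest_json).get("env", []))


def undeclared_env(source, manifest_json):
    """Env vars the code reads that the manifest does not declare."""
    return sorted(set(scan_source(source)["env"]) - declared_env(manifest_json))


if __name__ == "__main__":
    report = scan_source(SAMPLE_SOURCE)
    print("env reads:   ", report["env"])
    print("url literals:", report["urls"])
    print("imports:     ", report["imports"])
    print("undeclared:  ", undeclared_env(SAMPLE_SOURCE, SAMPLE_MANIFEST))
```

To use it on a real skill, pass the contents of trader.py and clawhub.json to `undeclared_env` in place of the samples. The URL and import lists are a starting point for the simmer-sdk audit the review recommends (run `scan_source` over each file of the installed package too), not a substitute for reading its source, and a name computed at runtime or read through a settings library will not appear in the report.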
