Skill v1.0.1
ClawScan security
Kalshi Econ Seasonal Trader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 4, 2026, 9:35 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is mostly coherent for a Kalshi/Simmer trading bot, but there are metadata inconsistencies, undeclared environment usage, and it requests a highly sensitive SOLANA_PRIVATE_KEY — review code and the simmer-sdk package before trusting it with live funds.
- Guidance: Before installing or supplying credentials:
  - Do not hand over your main Solana private key. Use a dedicated, low-balance key for testing live trades.
  - Verify the simmer-sdk PyPI package and its GitHub repo (publisher, recent commits, and file contents) to ensure it is legitimate and doesn't exfiltrate secrets.
  - Inspect the full trader.py (the supplied file was truncated in the listing) for any network endpoints, hard-coded URLs, or code paths that transmit environment variables or files to third parties. Search for HTTP(S) requests, base64/hex encoding of env values, or subprocess calls that could leak keys.
  - Start in dry-run mode (default) and run locally to observe behavior and network I/O.
  - Confirm that the discrepancy in registry metadata (the registry claimed no required envs, but the code and clawhub.json require SIMMER_API_KEY and SOLANA_PRIVATE_KEY) is resolved by the publisher.
  - If you plan to run live, limit MAX_POSITION_USD and max trades, and monitor logs and network traffic.

  If you can share the full trader.py and the simmer-sdk package source, I can re-evaluate with higher confidence.
Review Dimensions
- Purpose & Capability (note): The skill's purpose (trade CPI markets via Simmer/Kalshi) aligns with the code and the declared pip dependency (simmer-sdk). However, registry-level metadata earlier claimed 'Required env vars: none' while SKILL.md and clawhub.json require SIMMER_API_KEY and SOLANA_PRIVATE_KEY. This mismatch between registry metadata and included files is an incoherence that should be corrected.
- Instruction Scope (note): SKILL.md and trader.py keep scope to market discovery, fair-value calculation, and trade execution. The instructions explicitly default to dry-run and require an explicit --live flag to execute real trades. Points to watch: the code attempts optional integration with a 'tradejournal' module and imports 'skills.tradejournal' as a fallback (this can access other skill modules if present). The skill also uses simmer_sdk.skill helpers (load_config/update_config) which read/write the skill's config path. It references and reads additional env vars (TRADING_VENUE, AUTOMATON_MAX) that aren't consistently declared in top-level metadata.
- Install Mechanism (ok): There is no arbitrary download/install; the dependency is a PyPI package (simmer-sdk). Using pip-installed packages is expected for this purpose, but PyPI packages have inherent supply-chain risk — verify the package publisher, release source, and review the simmer-sdk code before installing.
- Credentials (concern): Requesting SIMMER_API_KEY and SOLANA_PRIVATE_KEY is proportionate to a trading skill, but SOLANA_PRIVATE_KEY is highly sensitive and grants direct custody authority for on-chain funds. Additionally, the code references other environment variables (TRADING_VENUE, AUTOMATON_MAX) that are not consistently declared in metadata; this incomplete declaration could surprise users. Only provide private keys after verifying code and limiting funds (use a low-balance/trial key).
- Persistence & Privilege (ok): The skill is not marked 'always:true' and autostart is false. It is set as an automaton-managed entrypoint but will not run on a schedule unless configured — autonomous invocation is allowed by default (normal). The skill updates/reads its own config but does not appear to modify other skills or system-wide settings.
