Kalshi ETH Bin Distribution Trader

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed, opt-in trading skill that can use sensitive credentials for live trades, with no evidence of hidden or unrelated behavior in the packaged files.

Install only if you are comfortable with automated financial trading. Start in dry-run mode, and do not configure cron or pass --live until you have reviewed simmer-sdk. Use a dedicated low-balance Solana wallet plus limited trading credentials rather than a primary wallet or broadly privileged account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High (98% confidence)
Finding
The manifest requests `SOLANA_PRIVATE_KEY` even though the skill description and dependencies only justify Kalshi/ETH trading via `SIMMER_API_KEY`. Unnecessary access to a blockchain private key materially expands the blast radius: a compromised or abusive skill could exfiltrate the key and drain unrelated wallet assets, and the mismatch between stated purpose and requested secret is a strong indicator of overprivilege.

Context-Inappropriate Capability

High (98% confidence)
Finding
Requesting a Solana wallet credential without any functional justification for an ETH/Kalshi bin-trading skill is an unjustified secret-access pattern. In context, this is more dangerous because trading skills commonly run with automation and privileged API access, so an unrelated wallet key could be silently abused for fund transfers or signing malicious transactions outside the advertised behavior.

Missing User Warnings

Medium (94% confidence)
Finding
The manifest declares a private key requirement with no user-facing warning, disclosure, or rationale. Even if not actively malicious, asking for a highly sensitive secret without explicit notice increases the likelihood that users will provide dangerous credentials they do not expect the skill to access, enabling severe downstream compromise if the skill is buggy or abused.

Missing User Warnings

Medium (91% confidence)
Finding
Real-money trading is enabled by a simple --live flag with no interactive confirmation, secondary safeguard, or environment-based kill switch. In automated or scripted contexts, a mistaken invocation can place unintended trades immediately, creating financial loss even though this is not a classic software compromise.

VirusTotal

66/66 vendors flagged this skill as clean.
