ClawHub

Kalshi F1 Race Momentum Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed automated trading skill that defaults to dry-run mode, but users should treat the wallet key and live-trading authority carefully.

Install only if you are comfortable with an automated trading skill and the Simmer/DFlow/Solana execution path. Test dry-run mode first, use a dedicated low-balance trading wallet rather than a primary wallet, and enable --live only after reviewing the position limits and dependency trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The skill metadata states that only SIMMER_API_KEY is required, but later sections also require SOLANA_PRIVATE_KEY for live trading. This inconsistency can mislead operators about the sensitivity and scope of credentials needed, increasing the chance of unsafe deployment, failed runs, or accidental exposure of a high-value signing key in environments that were not prepared for it.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The manifest requests SOLANA_PRIVATE_KEY even though the described skill only needs SIMMER_API_KEY to trade Kalshi F1 markets. Requesting an unrelated private key unnecessarily expands access to highly sensitive credentials and creates a path for secret misuse or exfiltration if the skill code is compromised or deceptive.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This is a context-inappropriate capability request: a Solana private key is unrelated to the stated purpose of Kalshi F1 championship trading. Because private keys enable direct control of blockchain assets, requesting one without a clear functional need is a strong indicator of potential credential theft or unauthorized fund movement.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The skill advertises trading Kalshi markets, but its live path actually routes execution through Simmer/DFlow/Solana infrastructure. That indirection materially changes the trust boundary, custody model, and execution venue assumptions for a user, so the documentation mismatch is security-relevant because users may expose API keys and private keys under a false understanding of where trades are executed.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Requiring a private key without explicit disclosure prevents users from making an informed trust decision about providing extremely sensitive material. In this context, the lack of warning is more dangerous because the key itself appears unnecessary for the advertised behavior, increasing the chance that users would unknowingly expose a credential that can authorize irreversible asset transfers.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal