ClawHub

Kalshi Fed Data Reaction Trader

v1.0.3

Trades Fed rate markets on Kalshi based on macro data releases (CPI, jobs). Scans CPI bin markets for implied CPI, adjusts rate cut probabilities using data...

0· 64·0 current·0 all-time
by@diagnostikon
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires wallet
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (trade Kalshi rate markets based on CPI/jobs) match the actual code and declared requirements: the skill uses simmer-sdk to discover/execute markets and requires SIMMER_API_KEY and SOLANA_PRIVATE_KEY for live trading. Requested dependencies (simmer-sdk) are proportionate to the purpose.
Instruction Scope
SKILL.md and trader.py focus on market discovery, computing implied CPI, and trading logic. One small inconsistency: frontmatter lists only SIMMER_API_KEY but the Installation & Setup and clawhub.json also require SOLANA_PRIVATE_KEY. The code may read/write its own skill config via simmer_sdk skill helpers (load_config/update_config/get_config_path) which is expected for tunables and state.
Install Mechanism
No arbitrary downloads or extract operations. Dependencies are pulled from PyPI (simmer-sdk) as declared in clawhub.json and SKILL.md; this is a standard packaging mechanism. The SKILL.md even advises auditing the PyPI package before supplying live credentials.
Credentials
The skill requires two high-sensitivity values: SIMMER_API_KEY (API authority for Simmer) and SOLANA_PRIVATE_KEY (base58 private key used to sign live trades). Both are justified by the trading use case, but SOLANA_PRIVATE_KEY is a high-risk secret — providing it to a skill gives it full signing power for on-chain actions. The skill also reads optional envs like TRADING_VENUE and AUTOMATON_MAX not listed in frontmatter.
Persistence & Privilege
always is false and autostart is false. clawhub.json marks automaton.managed with entrypoint trader.py (so the platform can run it when enabled), which is expected for a managed trading skill. The skill does not request elevated system-wide privileges or modify other skills' configs.
Assessment
This skill appears to be what it claims: a Simmer/Kalshi trading bot. Before enabling live mode, do the following: - Audit the simmer-sdk PyPI package (and its GitHub source) to confirm there are no backdoors or unexpected network endpoints. - Treat SOLANA_PRIVATE_KEY as highly sensitive: prefer a restricted signing key or a custody/workflow that limits fund exposure; never paste your main wallet key into third-party code unless you fully trust and audited it. - Start in dry-run mode (default) and monitor actions, logs, and any external network calls. Confirm the bot only contacts simmer-markets/Kalshi endpoints and expected services. - Be aware of the minor metadata inconsistency (SKILL.md frontmatter omits SOLANA_PRIVATE_KEY while other places require it); verify environment variable requirements before providing secrets. - Consider running the skill in an isolated environment (separate machine or container) and rotate keys after testing.

Like a lobster shell, security has layers — review code before you run it.

latestvk975sdyvbr0ms2wfpkwvdtdg9h84ay69

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments