Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Kalshi Fed Dot Plot Trader
v1.0.4
Trades Fed rate markets on Kalshi using FOMC dot plot median implied rate path. Computes fair probability of cut/hike per meeting and trades when market dive...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill name/description (Kalshi Fed Dot Plot Trader) matches the observed behavior: it discovers Kalshi markets and uses a Simmer SDK client to execute trades. Requiring SIMMER_API_KEY and a SOLANA_PRIVATE_KEY is consistent with a trading agent that must authenticate to Simmer and sign Solana transactions. However, the registry metadata at the top of the report lists 'Required env vars: none' and 'Primary credential: none' while both SKILL.md and clawhub.json declare SIMMER_API_KEY and SOLANA_PRIVATE_KEY. That inconsistency is notable and unexplained.
Instruction Scope
SKILL.md and trader.py's instructions focus on discovering markets, computing fair probabilities from the Fed dot plot, and executing trades. The runtime instructions and code only reference trading-related environment variables (SIMMER_API_KEY, SOLANA_PRIVATE_KEY, optional TRADING_VENUE, AUTOMATON_MAX_BET) and do not instruct reading unrelated system files or exfiltrating data to unknown endpoints. The skill defaults to dry-run and only performs live trades when '--live' is passed.
Install Mechanism
There is no install spec that downloads arbitrary code; the dependency is a named PyPI package (simmer-sdk) and the SKILL.md / clawhub.json point to a public GitHub repo. This is a normal install surface, but you should review the simmer-sdk source before supplying live credentials, as recommended in SKILL.md.
Credentials
The skill requires two high-value secrets: SIMMER_API_KEY (trading authority) and SOLANA_PRIVATE_KEY (private key used to sign live Solana trades). Those are proportionate to the stated purpose of executing live trades, but they are sensitive and should only be provided after auditing both trader.py and the simmer-sdk. The bigger concern is the mismatch with the registry metadata (which claims no env vars required) — that discrepancy could lead a user to supply credentials without realizing they are needed. The skill also references optional env vars (TRADING_VENUE, AUTOMATON_MAX_BET) not listed in the top-level registry, which is minor but worth noting.
Persistence & Privilege
The skill is not marked always:true and autostart is false. The clawhub.json marks the script as an automaton-managed entrypoint, meaning it can be run by the agent, but default behavior is dry-run. Normal autonomous invocation is allowed by platform settings (disable-model-invocation: false). This combination is expected for a trading skill, but be aware that an agent could potentially invoke the skill with the '--live' flag if given permission, causing real trades.
What to consider before installing
Before installing or providing credentials, do the following:
- Do not export your SOLANA_PRIVATE_KEY or SIMMER_API_KEY until you have audited the code and the simmer-sdk dependency. These are high-value secrets that can execute real trades.
- The registry metadata omitted required env vars; treat that as a red flag and ask the publisher why the metadata and SKILL.md disagree.
- Review the included trader.py and the simmer-sdk source (GitHub/PyPI) to confirm how the private key is used and whether keys are transmitted or only used locally for signing.
- Test in dry-run/paper mode only. Only pass '--live' after you are confident and, preferably, with a minimal-balance account to limit potential loss.
- Consider providing credentials via a secure secrets store (not raw environment variables) and restrict the API key's permissions if possible.
- If you allow autonomous agent invocation, add a policy that prevents automatic live-mode trades (require manual confirmation for '--live').
If you want, I can: (1) scan the rest of trader.py for any code paths that send data to unexpected endpoints, (2) summarize where SOLANA_PRIVATE_KEY is used in the code, or (3) draft questions to ask the publisher about the metadata mismatch.
latest: vk973qj88n2qyy8ws6nkn559k4h84as8m