Kalshi Fed Dot Plot Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed real-money trading skill that defaults to dry run, but live use requires high-value trading and wallet credentials.

Install only if you intentionally want an automated trading skill. Run dry-run first, use a dedicated low-balance wallet and constrained API key, review or pin simmer-sdk before supplying live credentials, keep the default limits conservative, and enable --live or scheduling only when you are ready for real-money automated trades.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The manifest requests a SOLANA_PRIVATE_KEY even though the stated skill purpose is Kalshi Fed-rate trading and only mentions SIMMER_API_KEY and simmer-sdk. Requesting an unrelated blockchain private key expands privileges far beyond what is needed and creates a path for wallet theft or unauthorized signing if the runtime or downstream code accesses that secret.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
Access to a private key is unjustified by the declared Fed dot-plot/Kalshi trading use case, making this a serious secret overreach. In the context of an automated trading skill, exposing a blockchain private key is especially dangerous because the agent can run unattended and could sign irreversible transactions or drain assets without any connection to the advertised strategy.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill performs autonomous market discovery and imports additional Kalshi markets, which expands its operational scope beyond simply analyzing known Fed dot-plot markets and placing trades. In an agent setting, this increases the blast radius of a compromised or buggy strategy by letting it act on newly discovered markets the user did not explicitly authorize.

Intent-Code Divergence

Medium
Confidence: 80%
Finding
The documentation states that live trading occurs via DFlow/Solana, but the implementation actually trades through the Simmer SDK/Kalshi client. Misleading execution-path documentation can cause operators to apply the wrong trust assumptions, key management, monitoring, and approval controls, leading to unintended real-money trading exposure.

Missing User Warnings

Medium
Confidence: 96%
Finding
The manifest requires a highly sensitive private key but provides no warning, rationale, or disclosure in the file. That omission prevents users from making an informed trust decision and increases the chance they will supply a wallet secret to a skill whose stated purpose does not justify it.

Missing User Warnings

Medium
Confidence: 95%
Finding
When invoked with --live, the skill can place real buy and sell orders immediately without a final confirmation step at execution time. In automated or accidental invocation scenarios, this materially increases the risk of unintended real-money trades, especially because discovery and signal generation are also automatic.

VirusTotal

65/65 vendors flagged this skill as clean.
