Kalshi Fed Temporal Mono Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed dry-run-by-default trading skill, but live mode can spend real USDC and requires sensitive trading and wallet credentials.

Install only if you intend to use or inspect an automated trading skill. Run it in dry-run mode first, review the simmer-sdk dependency before providing live credentials, use a dedicated low-balance wallet and restricted trading key, and do not pass --live or configure scheduling unless the position limits and exit behavior match your risk tolerance.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands

Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding:
The skill declares required environment variables and explicitly asks for high-value credentials, but the metadata does not declare corresponding permissions in a structured way. That weakens review and sandboxing because an orchestrator or user may not realize the skill needs secret access before installation or execution. In a trading skill, undeclared env access is more dangerous because the secrets enable live financial transactions.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
The documented purpose understates the actual operational scope, which covers hike markets, market discovery/import, position monitoring, exit trading, and use of SOLANA_PRIVATE_KEY for live execution. This mismatch can mislead users and reviewers into granting trust or credentials under incomplete assumptions, which is especially risky here because the skill can place real trades and access a signing key. In a financial-trading context, hidden or under-disclosed behavior materially increases the chance of unauthorized or misunderstood asset movements.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding:
The manifest requests a SOLANA_PRIVATE_KEY even though the skill description only discusses Kalshi Fed-market arbitrage and names only SIMMER_API_KEY and simmer-sdk as requirements. Requesting an unrelated signing key materially expands the trust boundary and creates a path for wallet compromise or unauthorized blockchain transactions if the skill or its dependencies misuse that secret.

Description-Behavior Mismatch

Medium
Confidence: 99%
Finding:
The skill description says only SIMMER_API_KEY and simmer-sdk are needed, but the manifest additionally requires SOLANA_PRIVATE_KEY. This inconsistency can mislead users into supplying a highly sensitive credential they did not expect to expose, weakening informed consent and making secret exfiltration or misuse harder to detect.

Missing User Warnings

Medium
Confidence: 96%
Finding:
Requiring a sensitive private key without any prominent warning or disclosure is dangerous because users may provide a credential capable of controlling assets without understanding the risk. In the context of an automated trading skill, undisclosed access to a blockchain private key is especially concerning because it could enable silent transfers, signing of malicious transactions, or persistence beyond the stated Kalshi-only strategy.

VirusTotal

65/65 vendors flagged this skill as clean.
