Security audit

Kalshi Crypto Monotonicity Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed trading bot, but it asks for high-value trading and wallet credentials with incomplete top-level scoping, so users should review it carefully before installing.

Install only if you are comfortable with an automated financial trading skill. Run it in dry-run first, avoid using a primary wallet, use a low-balance dedicated Solana key, review or pin simmer-sdk before live use, and enable --live or scheduling only with conservative limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 89%
Finding
The skill description understates operational scope for a trading agent that can discover markets, manage exits, persist configuration, trade multiple assets, and require a live private key. In a credentialed trading context, this mismatch is dangerous because an operator may approve or run the skill under an incomplete understanding of what assets it can touch and what sensitive credentials it needs, increasing the chance of unintended live trading or broader account impact.

Intent-Code Divergence

Medium
Confidence: 77%
Finding
The documentation says the skill defaults to dry-run and only trades live with an explicit flag, but it also describes built-in real trade execution plumbing and live-key requirements. In a financial automation skill, contradictory safety messaging can mislead users about whether possession of live credentials or certain execution paths could still expose them to real trading risk, especially when deployed via automation platforms.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The manifest says only SIMMER_API_KEY is required, while later documentation says SOLANA_PRIVATE_KEY is also required. For a trading skill, inconsistent credential declarations are security-significant because they can cause operators to supply a high-value private key they did not expect to entrust to the skill, or bypass review controls that rely on manifest-declared secret requirements.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The manifest requests SOLANA_PRIVATE_KEY even though the stated purpose is a Kalshi crypto monotonicity trader and no user-facing context justifies blockchain wallet access. Unnecessary collection of a private key expands the blast radius of the skill and could enable wallet compromise or unauthorized signing if the runtime or downstream code accesses that secret.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Declaring access to an unrelated private key is a strong security concern because it grants the skill possession of a highly sensitive credential without an evident business need. In this context, the mismatch between 'Kalshi monotonicity trader' and 'Solana private key' makes the request more suspicious, since a compromised or poorly written trader could misuse the key for asset transfers or signing malicious transactions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The manifest asks for a sensitive private key but provides no user-visible warning that the skill may affect a wallet or use signing authority. Even absent proven malicious code in this file, silent access to a private key undermines informed consent and materially increases risk because users may supply a credential with no understanding of potential financial consequences.

VirusTotal

VirusTotal findings are pending for this skill version.