Back to skill

Security audit

Kalshi Eth Merge Momentum Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed trading skill that defaults to dry-run, but live use involves high-value trading and wallet credentials.

Install only if you intentionally want an automated trading helper. Run it in dry-run first, do not provide a main wallet/private key, use a limited funded wallet and scoped API key for live mode, and review or pin simmer-sdk before enabling --live or any automaton schedule.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The manifest says `requires_env: SIMMER_API_KEY`, but the credential section later states that `SOLANA_PRIVATE_KEY` is also required for live trading. This inconsistency can cause operators and review tooling to miss a highly sensitive private key requirement, increasing the chance of unsafe secret handling or accidental exposure in a context involving real-money trades.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The manifest requests access to SOLANA_PRIVATE_KEY even though the skill's stated purpose is trading ETH price markets on Kalshi and the description only justifies SIMMER_API_KEY and simmer-sdk. Requesting an unrelated private key is a strong indicator of over-privileged design and creates a path for credential theft or unauthorized blockchain transactions if the skill code reads or exfiltrates that secret.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
A request for a Solana private key is not justified by a Kalshi ETH market trader's declared functionality, so the capability is unnecessary and dangerous in context. Because private keys directly authorize asset movement, an unjustified secret request materially increases the risk of wallet compromise, fund theft, or covert signing of transactions.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The skill metadata understates the operational requirements: the code clearly supports live trading and references a Solana private key for real execution, while the manifest only calls out SIMMER_API_KEY. This mismatch can mislead users and orchestration systems into enabling a skill with greater financial and key-management risk than advertised.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.