Kalshi Trading

Security checks across malware telemetry and agentic risk

Overview

This skill transparently provides Kalshi trading commands, including live order placement and cancellation, with risks users should handle carefully before using real credentials.

Install only if you intentionally want this skill to access your Kalshi account. Prefer demo credentials or small test activity first, keep the private key outside synced or shared locations with restrictive permissions, revoke the key if it may be exposed, and personally confirm every buy, sell, and cancellation before allowing the agent to run it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 91%
Finding
The notes explicitly state that the CLI uses the production trading API by default, but they do not pair that with a clear warning that actions may affect a real funded account. In a trading skill that can place and cancel orders, this increases the risk of accidental real-money transactions, especially during testing or automation.

Missing User Warnings

Medium
Confidence: 94%
Finding
The guide instructs users to persist a sensitive API key ID and private key path in shell startup files or OpenClaw config, which increases long-term exposure through dotfile backups, shared workstation access, support bundles, screenshots, and accidental commits. While the private key contents are not embedded directly, normalizing persistent credential storage without a stronger warning or safer alternatives can lead to credential misuse and unauthorized trading access.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation states that the CLI uses the production Kalshi endpoint by default but does not prominently warn that actions may place or cancel real-money trades. In a trading skill, this raises the chance of accidental financial transactions during testing, debugging, or exploratory use, especially when users follow setup steps and immediately run commands to validate connectivity.

Missing User Warnings

Medium
Confidence: 95%
Finding
The CLI performs state-changing trading actions (`buy`, `sell`, and `cancel`) immediately once invoked, with no confirmation prompt, dry-run mode, or secondary safeguard. In a trading skill, this materially increases the risk of accidental or prompt-injection-driven financial actions, especially when an agent or user supplies malformed tickers, sides, quantities, or prices.

VirusTotal

64/64 vendors flagged this skill as clean.
