Foreseek AI

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it can place live Kalshi trades and expose financial account data without strong confirmation guidance.

Install only if you intentionally want an agent to access your Foreseek/Kalshi account. Use a least-privilege API key where possible, prefer demo or small limit orders first, and require the agent to confirm ticker, side, order type, contract count, and estimated cost before any live trade.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly enables live prediction-market trading through a connected Kalshi account but does not prominently warn that actions may place real-money orders with irreversible financial consequences. In an agent setting, omission of such warnings increases the chance a user or downstream system triggers unintended trades without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The trade execution example shows a market buy order but does not warn that market orders can fill immediately at current prices and result in instant loss or unintended exposure. Because the skill is designed for direct execution, this omission is especially risky: an agent could interpret a casual request as authorization to place a live order without surfacing execution risk.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill documents balance and portfolio retrieval operations without warning users that sensitive financial account information will be fetched from a third-party service and returned through the agent workflow. This creates privacy and data-handling risk, especially if outputs are logged, cached, or exposed to other tools in the agent environment.

External Transmission

Medium
Category
Data Exfiltration
Content
Converts natural language to matched Kalshi contracts.

```bash
curl -X POST https://jxvtetqmzduvhgiyldgp.supabase.co/functions/v1/foreseek-cli \
  -H "Authorization: Bearer $FORESEEK_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"operation": "parse", "prediction": "Fed will cut rates in March"}'
```
Confidence
89% confidence
Finding
curl -X POST https://jxvtetqmzduvhgiyldgp.supabase.co/functions/v1/foreseek-cli \ -H "Authorization: Bearer $FORESEEK_API_KEY" \ -H "Content-Type: application/json" \ -d '{"operation": "parse",

VirusTotal

63/63 vendors flagged this skill as clean.
