Foreseek AI
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
Review before installing: this skill can place real prediction-market trades using your API key, but the provided instructions do not show confirmation, price-limit, or spending-cap safeguards.
Install only if you trust Foreseek and are comfortable letting an agent access a connected Kalshi trading account. Before any trade, require an explicit confirmation with the exact contract, side, quantity, order type, maximum price or total spend, and live-vs-demo status.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad agent action could place real-money prediction-market trades or cancel orders in the user's account.
The skill documents a direct API operation that places real orders on a connected Kalshi account, including market orders. The provided artifacts do not show mandatory user confirmation, spend limits, or price/slippage controls before this high-impact action.
### Execute a Trade Places an order on Kalshi through your connected account. ... "operation": "trade", "ticker": "KXFED-25MAR-T475", "side": "yes", "action": "buy", "count": 10, "type": "market"
Only use this with explicit per-order confirmation that states ticker, side, action, quantity, order type, maximum price/cost, and whether the account is demo or live. Prefer limit orders and small caps.
Anyone or any agent workflow with access to this key may be able to view account information and perform trading actions supported by the Foreseek API.
The skill requires a Foreseek API key and uses it as a bearer token for operations tied to a connected Kalshi account. This is expected for the stated trading purpose, but it is sensitive delegated account authority.
requires:
env:
- FORESEEK_API_KEY
...
-H "Authorization: Bearer $FORESEEK_API_KEY"
...
"kalshi_connected": trueUse the least-privileged key available, rotate it if exposed, verify whether it is connected to a live or demo Kalshi account, and avoid enabling autonomous use for trade execution.
The user must trust the external Foreseek backend with their API key and trading/account requests.
All operations are sent to an external Supabase function endpoint. This is plausible provider infrastructure, but because the supplied package has no code files or install spec, the backend's handling of credentials, trades, and account data cannot be reviewed here.
curl -X POST https://jxvtetqmzduvhgiyldgp.supabase.co/functions/v1/foreseek-cli
Verify the endpoint through Foreseek's official documentation or dashboard before using it, and do not provide credentials if the service origin cannot be confirmed.