v0.5.5

Horizon SDK

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:50 AM.

Analysis

This appears to be a real prediction-market trading skill, but it can place and cancel orders using an API key and delegates core trading behavior to an external SDK, so it needs careful review before installation.

Guidance: Install this only if you intentionally want an agent to help manage prediction-market trading. Before using real funds, verify the Horizon SDK package and version, use a restricted or paper-trading API key where possible, and require explicit approval for every order, cancellation, arbitrage action, or kill-switch change.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
scripts/horizon.py
price = _safe_float(args[3], "price")
size = _safe_float(args[4], "size")
_print(tools.submit_order(market_id, side, price, size, market_side))

The wrapper passes agent/user-supplied price and size directly into the SDK order-submission call, and the provided artifacts do not show a confirmation gate, maximum size, or price/position limit before submitting trades.

User impact: If invoked with the required credential, the skill can place market orders that may lose money or create unwanted financial exposure.
Recommendation: Use only with explicit user confirmation for each trade, configure account-level limits, prefer paper trading first, and add hard validation for price ranges, positive size, maximum order size, and allowed markets.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: Medium | Status: Concern
install spec
[0] uv | formula: horizon-sdk

The skill installs an external SDK by package name, and the provided wrapper imports that package for the core trading operations. For a financial trading skill, an unpinned external dependency and unknown source increase the importance of verifying package provenance.

User impact: The actual code handling trades and credentials may come from the installed package rather than the small wrapper shown here, so package changes could materially affect behavior.
Recommendation: Verify the horizon-sdk package source and publisher, pin an exact reviewed version, and prefer a lockfile or included package hash before using it with real trading credentials.

Rogue Agents
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Start a live data feed: start-feed <name> <feed_type> [config_json]

The skill documents starting live data feeds, which is consistent with trading and market analytics, but users should recognize that this may create ongoing background activity in the Horizon environment.

User impact: Live feeds or contingent trading controls may continue to affect analysis or risk controls after the initial command.
Recommendation: Start feeds and contingent controls only intentionally, monitor active feeds/orders, and confirm there is a clear way to stop or remove them.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
requires:
  env:
    - HORIZON_API_KEY
primaryEnv: HORIZON_API_KEY

The skill explicitly requires a Horizon API key, which is expected for this integration but is sensitive because the same skill also exposes account and order-management operations.

User impact: A configured API key may allow the skill to view portfolio information and perform trading actions through the Horizon service.
Recommendation: Use the least-privileged API key available, restrict the key to intended accounts or paper trading if possible, rotate it if exposed, and do not install unless you trust the Horizon service and SDK.