Kalshi Agent

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Kalshi trading skill, but it needs review because it can use stored credentials to place real-money trades and bypass confirmations.

Install only if you intentionally want an agent-capable CLI to access a funded Kalshi account. Verify the upstream `kalshi-cli` package, lock down `~/.kalshi` and key-file permissions, avoid shell-config credential export unless reviewed, and require explicit human approval for any trade, especially when `--force` is available.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README includes a concrete `kalshi buy` example that can place a real market order once credentials are configured, but it does not clearly warn that this is a live trade with financial consequences. In an agent skill context, users may copy commands verbatim or wire the skill into automation, increasing the chance of unintended real-money transactions.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The skill instructs users to store an API access key and an RSA private key locally, including adding credentials to shell configuration, but does not warn about secret exposure risks. This can lead to accidental credential leakage through permissive file permissions, shell history, shared machines, backups, or committed dotfiles, enabling unauthorized trading or account access.

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: # Sell (same syntax) kalshi sell KXWO-GOLD-26-NOR 5 40 --side no # Skip confirmation prompt kalshi buy KXSB-26 10 68 --force # Cancel an open order
Confidence: 88% confidence
Finding: Skip confirmation

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal