Back to skill
Skillv0.5.0
VirusTotal security
Kalshi Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 3:34 AM
- Hash
- 00af8e48ea106b7d38f30b9f995ed308a8d5c7fb32a707e1626b8342773c4509
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: kalshi-agent Version: 0.5.0 The skill bundle itself does not contain overtly malicious code or prompt injection attempts. However, it relies heavily on installing an external global NPM package (`kalshi-cli`) via `npm install -g kalshi-cli` in `install.sh` and `SKILL.md`. This introduces a supply chain risk, as the integrity of the `kalshi-cli` package (from `github.com/JThomasDevs/kalshi-cli`) is critical. Additionally, the documentation mentions `kalshi setup-shell` as a configuration option, which could modify user shell configurations, representing another potential risky behavior if the external `kalshi-cli` tool were compromised or behaved unexpectedly.
- External report
- View on VirusTotal