Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Prediction Market Watcher

v1.0.0

Monitor, analyze, and trade on Kalshi and Polymarket prediction markets. Use when the user wants to check open positions, scan for value bets, place bets, ch...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The skill claims to monitor and trade on Kalshi/Polymarket and the code implements that. However, the registry metadata lists no required environment variables or credentials, while both SKILL.md and the code clearly require KALSHI_KEY_ID and KALSHI_KEY_FILE (an RSA private key file) or a config with key_id/key_file. That omission is an incoherence: a trading skill legitimately needs credentials, so the registry should declare them. SKILL.md also refers to storing keys at kalshi-agent/kalshi.key in the workspace; requesting a private key file is proportionate for the function but must be declared.
Instruction Scope
SKILL.md and the scripts are scoped to market scanning, ranking, and order placement. They instruct reading a workspace config and private key, fetching market data, and writing a local risk_state.json. The doc also suggests external actions (cron job, Telegram messages, Brave API/web search for prices) that are outside the provided code. The provided code itself only talks to Kalshi endpoints and reads/writes local state; it does not implement Telegram or Brave calls. The instructions asking the operator to message an external person (Katie) are out-of-band and not enforced by code — this is a procedural note but not inherently malicious.
Install Mechanism
There is no install spec — the skill is instruction+scripts only. That is lower install risk (no downloads from arbitrary URLs). The package contains Python scripts that will run from the workspace; nothing in the manifest downloads or extracts remote archives.
Credentials (flagged)
The runtime requires sensitive artifacts (Kalshi API key ID and an RSA private key file) and will read them from env vars or a workspace config, but the registry metadata did not declare these required env vars/credentials. The code also persists trading state and open positions to risk_state.json in the script directory. Requesting Kalshi credentials is proportionate to the trading purpose, but the missing declaration plus the need to place a private key file in the workspace increases the chance a user will accidentally store secrets in an insecure place. No unrelated credentials are requested by code.
Persistence & Privilege
The skill writes and reads local persistent state (risk_state.json) and expects/stores a config.json and private key file in the workspace. It does not request 'always: true' and does not alter other skills or system-wide settings. Local persistence and requiring a private key are normal for a trading bot, but you should be aware these files contain sensitive info and trading history and will live in the workspace by default.
What to consider before installing
Do not install or run this skill with live credentials until you are comfortable with the code and where secrets will be stored. Specific actions to consider:
- The registry metadata does NOT list required credentials, but the code and SKILL.md require KALSHI_KEY_ID and a private key file path (KALSHI_KEY_FILE or kalshi-agent/config.json). Treat that as a red flag: ask the publisher to fix the metadata or update it yourself.
- The skill will read an RSA private key file from your workspace and persist trading state (risk_state.json). Store keys in a secure location (not in a shared repo), restrict file permissions, or use a secure secrets store. Do not commit keys to source control.
- Run first in demo mode (the code supports demo=true) and inspect network traffic (which should go only to the Kalshi API base URLs present in the code) before granting live credentials.
- Audit the code if you plan to enable auto-betting (--run). Pay attention to create_order flows and error handling. Consider throttling/limiting auto-bet behavior and keep tight daily caps.
- If you need external notifications (Telegram) or price sources (Brave API), implement and audit them explicitly rather than following the informal SKILL.md instructions.
- If you are not comfortable reviewing code: do not supply live API keys or private keys. Ask the skill publisher to correct the metadata and clarify how secrets are stored and used.


Latest version id: vk97dnr37n3a8zfrn2tespvmw7n83y37x
