Prediction Market Trader

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This skill appears purpose-built for Kalshi trading, but it requests private trading-account credentials and ships order-placement code without declaring the credential scope it needs or including the safety controls it describes.

Only use this skill if you understand that it can authenticate to a real Kalshi account and contains code capable of placing or canceling orders. Prefer read-only credentials for scanning, inspect or add safety checks before enabling trading, and do not provide a broadly privileged private key unless you intend to allow financial account actions.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill with a broadly privileged Kalshi key could allow account reads and trades using the user’s real account.

Why it was flagged

The included code requires a Kalshi key ID and RSA private key, while the registry metadata declares no required environment variables or primary credential. These credentials can authenticate to a financial trading account.

Skill content

const keyId = process.env.KALSHI_KEY_ID;
const privKey = process.env.KALSHI_PRIVATE_KEY;
if (!keyId || !privKey) throw new Error('Set KALSHI_KEY_ID and KALSHI_PRIVATE_KEY env vars');

Recommendation

Declare the Kalshi credentials in metadata, document the required key scope, use read-only credentials for scanning where possible, and require a separate explicit trading credential for order placement.

What this means

A mistaken or over-eager agent could place or cancel real Kalshi orders and cause financial loss.

Why it was flagged

The API client exposes direct order placement and cancellation with caller-supplied ticker, side, count, and price, but the included function does not enforce dry-run mode, user confirmation, bankroll limits, edge thresholds, or duplicate-position checks.

Skill content

async function placeOrder({ ticker, action = 'buy', side = 'yes', type = 'limit', count, price }) {
  return kalshiApi('POST', '/trade-api/v2/portfolio/orders', {
    ticker, action, side, type, count,
    yes_price: side === 'yes' ? price : undefined,
    no_price: side === 'no' ? price : undefined,
  });
}

async function cancelOrder(orderId) {
  return kalshiApi('DELETE', '/trade-api/v2/portfolio/orders/' + orderId);
}

Recommendation

Add hard safeguards in executable code: default dry-run, explicit per-order user approval, maximum order size, duplicate-position checks, and enforcement of the documented risk rules before any POST or DELETE order request.

What this means

Users may believe order-execution safety checks are included, when the reviewed files only show a lower-level API client with raw order methods.

Why it was flagged

SKILL.md advertises trade and portfolio scripts, including safety checks, but the provided file manifest only includes scripts/kalshi-auth.js and scripts/scan-edges.js. The claimed safety wrapper is therefore not reviewable in the supplied artifacts.

Skill content

- `scripts/trade.js` — Place/cancel orders with safety checks
- `scripts/portfolio.js` — Check balance, positions, P&L

Recommendation

Include the referenced scripts in the package or remove those instructions; make any safety checks visible and enforce them in the reviewed code.