Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
SimpleFunctions
v0.1.0SimpleFunctions — AI-native prediction market runtime for Kalshi & Polymarket. Thesis tracking, edge scanning, position monitoring, and trade execution via C...
⭐ 0· 66·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill is a prediction-market trading/runtime which reasonably requires the 'sf' CLI and market API credentials (Kalshi, SimpleFunctions). However, the registry metadata lists no required environment variables or install spec while the SKILL.md clearly documents SF_API_KEY, KALSHI_API_KEY_ID, KALSHI_PRIVATE_KEY_PATH and an npm install for @spfunctions/cli. That mismatch between declared metadata and the runtime instructions is incoherent and worth questioning.
Instruction Scope
SKILL.md tells the agent to run many sf CLI commands (scan, trade, evaluate, agent, setup) and to configure Telegram alerts. The instructions reference a filesystem private key path (KALSHI_PRIVATE_KEY_PATH) and tokens. While these actions are within the stated domain (trading/monitoring), they give agents/CLI the ability to access local keys and execute trades — scope is broader and higher-risk than the registry claims.
Install Mechanism
Installation is via npm (@spfunctions/cli), which is a common but moderate-risk vector (unreviewed third‑party package). The registry manifest claimed 'No install spec', yet SKILL.md includes an install entry and npm install instructions — another internal inconsistency to verify. No direct downloads or archive extraction are present in the instructions.
Credentials
The SKILL.md requires multiple sensitive items: SF_API_KEY, KALSHI_API_KEY_ID, and a KALSHI_PRIVATE_KEY_PATH (private key file), plus optional Telegram bot token. None of these were declared in the registry 'required env vars' list. Requesting a private key path and trading credentials is high-impact and should be explicitly declared and justified; the omission is suspicious.
Persistence & Privilege
The skill is not set to 'always: true' and is user-invocable only. Autonomous invocation is allowed by default (normal), which combined with trading credentials could permit the agent to place orders without additional human confirmation — this is expected behavior for a trading skill but increases blast radius, so exercise caution when granting credentials.
What to consider before installing
This skill appears to be a legitimate CLI wrapper for prediction-market trading, but the SKILL.md and registry metadata disagree: the runtime docs reference sensitive credentials (SF_API_KEY, KALSHI_API_KEY_ID, KALSHI_PRIVATE_KEY_PATH) and a Telegram bot token that are not listed in the registry. Before installing or providing credentials: 1) Verify the npm package @spfunctions/cli on npmjs.org (author, downloads, recent versions) and inspect its source code (or the GitHub repo) to ensure it doesn't exfiltrate keys. 2) Prefer least-privilege keys: use API keys with only read or simulated/trading scopes for testing, and avoid placing long-lived private keys on disk if possible. 3) Do not grant trading credentials until you confirm how the agent will obtain explicit confirmation before executing real trades (or run in manual mode). 4) Treat KALSHI_PRIVATE_KEY_PATH as highly sensitive — keep it in a protected location or use a dedicated key with limited permissions. 5) If you rely on Telegram alerts, consider using a bot account with limited exposure. 6) Ask the publisher to correct the registry metadata so required env vars and install steps are explicit. If you cannot validate the npm package source, run the CLI in an isolated environment or avoid supplying live trading credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk974pjnnrfatmngzjevzwf681h83bhk4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📈 Clawdis
Binssf