Back to skill

Security audit

Kalshi Weather Trader

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Kalshi weather trading, but it needs review because it asks for a raw Solana private key and can run live automated trades with bypassable safeguards.

Install only if you intentionally want automated Kalshi weather trading. Use a dedicated low-balance Solana wallet, never reuse a primary wallet key, keep dry-run mode until you understand the strategy, avoid --no-safeguards for live trades, and enable cron or quiet live mode only with explicit spending limits you can afford to lose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill explicitly requires access to environment variables and external network services, including a Solana private key and API endpoints, yet no declared permissions are present. This creates a transparency and policy-enforcement gap: users or hosting systems may invoke a skill with sensitive capabilities without clear consent boundaries or capability review.

Vague Triggers

Medium
Confidence
75% confidence
Finding
The description says to use the skill not only for trading but also to 'check NOAA forecasts,' which broadens activation beyond clearly financial/trading intent. That can cause the agent to invoke a wallet-capable, trade-oriented skill for generic weather queries, increasing the chance of unnecessary secret exposure, confusing tool routing, or accidental progression into trading workflows.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The manifest requires a raw Solana private key to be supplied to the skill for signing trades, but the description does not provide a prominent warning about the sensitivity of that credential, custody implications, or the risk of loss if the skill or its dependencies are compromised. In a trading automation context, that omission is dangerous because users may provide a wallet key without understanding they are granting the skill direct authority to move funds and sign transactions.

External Transmission

Medium
Category
Data Exfiltration
Content
4. **Verify KYC**
   - Required for Kalshi buys (not sells)
   - Complete at [dflow.net/proof](https://dflow.net/proof)
   - Check status: `curl "https://api.simmer.markets/api/proof/status?wallet=YOUR_SOLANA_ADDRESS"`

5. **Fund the wallet**
   - SOL on Solana mainnet for transaction fees (~0.01 SOL)
Confidence
82% confidence
Finding
https://api.simmer.markets/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- **Market status**: Skips if market already resolved
- **Kalshi maintenance**: Kalshi's clearinghouse has a weekly maintenance window on Thursdays 3:00-5:00 AM ET — orders during this window will fail

Disable with `--no-safeguards` (not recommended).

## Troubleshooting
Confidence
88% confidence
Finding
--no-safe

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.