ClawHub

Kalshi Odds Scanner Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Kalshi trading scanner, but it can place live real-money orders with weak safety controls and includes hardcoded-looking API credentials.

Review this carefully before installing. Use scan-only mode first, remove and rotate any embedded credentials, configure your own keys through safer local secrets, and add a confirmation step plus per-run spend limits before using --buy with a real Kalshi account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The file advertises a strict 'ONE side per game only' safety rule, but the implementation does not reliably enforce that invariant when both YES and NO scans are used. In a trading skill, this mismatch can cause conflicting positions on the same underlying event, creating unintended exposure and making users trust a risk control that does not actually exist.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The comment claims duplicate markets are deduplicated, but the code only concatenates yes_plays and no_plays into all_plays. That can result in multiple orders for the same event or opposite-side exposure despite the documented safety model, which is especially dangerous because '--buy' triggers live trading.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly documents a `--buy` mode that executes live Kalshi trades, but it does not provide a clear warning about financial loss, irreversible order placement, automation risk, or the possibility of acting on incorrect market data. In an agent context, this is dangerous because users may invoke the command as routine analysis, while it can place real-money orders with immediate financial consequences.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script hardcodes a live Odds API key and Kalshi access key identifier directly in source. Embedded credentials are easily leaked through source control, logs, redistribution, or code review artifacts, enabling unauthorized API usage and potentially aiding abuse of the associated trading account.

Missing User Warnings

High
Confidence
95% confidence
Finding
When '--buy' is supplied, the code proceeds to place live orders automatically with no final interactive confirmation, dry-run safeguard, or explicit execution-time warning. In a financial trading context, this makes accidental invocation, scripting mistakes, or manipulated inputs capable of causing immediate monetary loss.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal