Name: kalshi-api Security Report — Trusted | ClawSafe
Item: kalshi-api
Rating: 100
Author: ClawSafe

This report was generated in Chinese. Some content may be in Chinese.

0 /100

kalshi-api

Read-only Kalshi API skill for market discovery, liquidity checks, and market validation

纯只读 API 客户端，文档与代码完全一致，无任何恶意行为或风险信号

Skill Namekalshi-api

Duration19.4s

Enginepi

ClawHub kalshi api v1.0.0 by brs999

📥 211 ⭐ 1

ClawHub Verdict Suspicious dangerous_exec

✓

Safe to install

该技能安全可信，可直接使用

Resource	Declared	Inferred	Status	Evidence
Network	`NONE`	`READ`	✓ Aligned	scripts/kalshi-api.mjs:64-71 使用 fetch 进行只读 API 调用
Filesystem	`NONE`	`NONE`	—	代码无任何文件读写操作
Shell	`NONE`	`NONE`	—	无 subprocess/child_process 调用

2 findings

🔗

Medium External URL 外部 URL

https://docs.kalshi.com

SKILL.md:4

🔗

Medium External URL 外部 URL

https://api.elections.kalshi.com/trade-api/v2

SKILL.md:65

File Tree

3 files · 9.0 KB · 310 lines

JavaScript 2f · 236L Markdown 1f · 74L

├─ ▾ 📁 scripts

│ └─ 📜 kalshi-api.mjs JavaScript 190L · 5.5 KB

├─ ▾ 📁 tests

│ └─ 📜 kalshi-api.test.mjs JavaScript 46L · 1.6 KB

└─ 📝 SKILL.md Markdown 74L · 2.0 KB

Security Positives

✓ 文档声明只读 API，代码严格遵守：所有请求均为 HTTP GET

✓ 无任何凭证收割或环境变量遍历行为

✓ 无远程代码执行、base64 解码或混淆代码

✓ 使用明确的 User-Agent 标识来源 (openclaw-skills-kalshi-openapi-reader/1.0)

✓ 测试代码使用 spawnSync 隔离测试 CLI 功能，属于合理用途

✓ 无供应链风险，无第三方依赖