扫描报告
0 /100
Prediction Stack Orchestrator
Three-agent pipeline orchestrator (Kalshalyst, Eval, Executor) for automated Kalshi prediction market trading
Legitimate prediction market trading orchestrator with clean, documented code. Server monitors processes/configs, HTML is a React dashboard — no malicious patterns found.
可以安装
No action needed. Skill is safe to use.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | READ | READ | ✓ 一致 | monitor/server.py:89 subprocess.run(['ps','aux'],...) |
| 文件系统 | READ | READ | ✓ 一致 | monitor/server.py: _read_json() reads ~/kelly_config.json |
| 网络访问 | READ | READ | ✓ 一致 | monitor/server.py:179 HTTPServer serves localhost only |
| 环境变量 | NONE | NONE | — | No os.environ iteration observed |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | React dashboard runs in browser, no automation |
| 数据库 | NONE | NONE | — | No database access |
4 项发现
中危 外部 URL 外部 URL
https://x.com/KingMadeLLC SKILL.md:537 中危 外部 URL 外部 URL
https://cdnjs.cloudflare.com/ajax/libs/react/18.2.0/umd/react.production.min.js monitor/index.html:7 中危 外部 URL 外部 URL
https://cdnjs.cloudflare.com/ajax/libs/react-dom/18.2.0/umd/react-dom.production.min.js monitor/index.html:8 中危 外部 URL 外部 URL
https://cdnjs.cloudflare.com/ajax/libs/babel-standalone/7.23.9/babel.min.js monitor/index.html:9 目录结构
3 文件 · 59.4 KB · 1448 行 HTML 1f · 587L
Markdown 1f · 539L
Python 1f · 322L
├─
▾
monitor
│ ├─
index.html
HTML
│ └─
server.py
Python
└─
SKILL.md
Markdown
安全亮点
✓ No subprocess remote execution — only local process listing (ps/pgrep) for monitoring
✓ No credential harvesting — reads only trading config files (kelly_config.json, ensemble_weights.json), no ~/.ssh or .env access
✓ No base64 encoding, eval(), or obfuscated code
✓ No external network requests — HTTPServer binds to 0.0.0.0:3333 for local dashboard only
✓ HTML file is a standard React dashboard using CDN-hosted React 18 — no hidden instructions or data exfiltration
✓ No curl|bash, wget|sh, or remote script execution
✓ All subprocess usage is documented in source and serves legitimate process monitoring
✓ No supply chain risk — no pip install, no unpinned dependencies in the skill