扫描报告
0 /100
kalshi-api
Read-only Kalshi API skill for market discovery, liquidity checks, and market validation
A minimal, read-only Kalshi API market-data fetcher with no external dependencies, no credential access, no file writes, and fully declared behavior in SKILL.md.
可以安装
Approve for use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem access found in kalshi-api.mjs |
| 网络访问 | READ | READ | ✓ 一致 | Only GET requests to api.elections.kalshi.com, declared in SKILL.md |
| 命令执行 | NONE | NONE | — | No shell execution; only node process.argv for CLI argument parsing |
| 环境变量 | NONE | NONE | — | KALSHI_BASE_URL read is a legitimate, documented optional override for the API b… |
| 技能调用 | NONE | NONE | — | No skill invocation found |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser access |
| 数据库 | NONE | NONE | — | No database access |
2 项发现
中危 外部 URL 外部 URL
https://docs.kalshi.com SKILL.md:4 中危 外部 URL 外部 URL
https://api.elections.kalshi.com/trade-api/v2 SKILL.md:65 目录结构
3 文件 · 9.0 KB · 310 行 JavaScript 2f · 236L
Markdown 1f · 74L
├─
▾
scripts
│ └─
kalshi-api.mjs
JavaScript
├─
▾
tests
│ └─
kalshi-api.test.mjs
JavaScript
└─
SKILL.md
Markdown
安全亮点
✓ No external npm/pip dependencies — self-contained 190-line vanilla JS script
✓ No credential harvesting — only an optional KALSHI_BASE_URL env override, clearly documented
✓ Only GET requests to the declared Kalshi API domain — no data exfiltration
✓ Read-only design enforced in code: no order placement, no writes, no state mutations
✓ Clean doc-to-code match: SKILL.md accurately describes all behavior
✓ spawnSync usage in tests is limited to local CLI smoke-testing and is not exported from the main script
✓ No obfuscation, no base64, no eval, no hidden instructions