Low Risk — Risk Score 20/100
Last scan: 1 day ago
Kalshalyst
Contrarian prediction market scanner using Claude Sonnet analysis, Brier score calibration, and Kelly Criterion position sizing for Kalshi markets
Legitimate prediction market trading tool with well-engineered safety controls; undocumented filesystem WRITE (state files) and subprocess shell access are minor doc/code gaps without malicious intent.
Skill Name: Kalshalyst
Duration: 72.3s
Engine: pi
Safe to install
Add explicit declarations for subprocess shell access and filesystem WRITE scope in SKILL.md. Consider pinning all pip dependencies. Otherwise safe to use.

Findings 6 items

Severity Finding Location
Medium
Subprocess shell execution not declared in SKILL.md · Doc Mismatch
claude_estimator.py executes 'claude -p' via subprocess.run with shell access (start_new_session=True). SKILL.md declares no shell:WRITE permission, only listing Claude API as the LLM interface.
subprocess.run(["claude", "-p", full_prompt, "--output-format", "text"], capture_output=True, text=True, timeout=timeout, start_new_session=True)
→ Add shell:WRITE to the skill's declared permissions in SKILL.md, or document that Claude CLI is used as the primary estimation path with API as fallback.
scripts/claude_estimator.py:30
Medium
Filesystem WRITE scope exceeds declared READ-only access · Doc Mismatch
SKILL.md declares filesystem:READ but the codebase writes to multiple state files: trade_ledger.json, brier_tracker.db, portfolio snapshots, state JSONL logs, and kalshalyst cache. All writes are scoped to ~/.openclaw/ which is appropriate, but the declaration is incomplete.
_write_ledger(), _get_db(), _write_cache(), _append_portfolio_snapshot()
→ Update SKILL.md to declare filesystem:WRITE with justification: 'Writes trading state, ledger, and cache to ~/.openclaw/ for resilience and cross-skill data sharing.'
scripts/trade_ledger.py, scripts/brier_tracker.py, scripts/kalshalyst.py
Medium
SQLite database creation not declared · Doc Mismatch
brier_tracker.py creates and writes to ~/.openclaw/state/brier_tracker.db for Brier score calibration tracking. This is a database WRITE operation not mentioned in SKILL.md.
db = sqlite3.connect(str(DB_PATH)); DB_PATH = Path.home() / ".openclaw" / "state" / "brier_tracker.db"
→ Declare database:WRITE permission in SKILL.md or document that SQLite is used for calibration tracking.
scripts/brier_tracker.py:63
Low
External config files influence execution behavior · Supply Chain
Multiple scripts load configuration from ~/prompt-lab/ (prompt.md, exit_rules.md, sports_model_weights.json) and ~/kelly_config.json, allowing user-controlled config to alter behavior. No path traversal, but the pattern allows arbitrary code-adjacent configuration.
Path.home() / "prompt-lab" / "prompt.md"; Path.home() / "prompt-lab" / "exit_rules.md"
→ Document the plug-in config locations and validate loaded values to prevent configuration injection.
scripts/claude_estimator.py, scripts/kelly_size.py, scripts/sports_estimator.py
Low
API key access from .env file not declared · Sensitive Access
claude_estimator.py reads ANTHROPIC_API_KEY from ~/.openclaw/.env file. This credential access is not declared in SKILL.md's credentials section.
env_path = Path.home() / ".openclaw" / ".env"
→ Add .env file credential loading to the documented credential access pattern in SKILL.md.
scripts/claude_estimator.py:63
Low
Sibling skill imports at runtime not documented · Doc Mismatch
auto_trader.py imports from kalshi-command-center skill at runtime: SCRIPT_DIR.parent.parent / 'kalshi-command-center' / 'scripts'. The skill's inter-operation with sibling skills is not declared.
KALSHI_CMD_DIR = SCRIPT_DIR.parent.parent / "kalshi-command-center" / "scripts"; sys.path.insert(0, str(KALSHI_CMD_DIR))
→ Document that this skill integrates with kalshi-command-center for trade execution.
scripts/auto_trader.py:45
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md: HTTP calls to api.elections.kalshi.com and Anthropic API |
| Filesystem | READ | WRITE | ✗ Violation | scripts/kalshalyst.py:103 _write_cache writes to ~/.openclaw/state/; trade_ledge… |
| Shell | NONE | WRITE | ✗ Violation | scripts/claude_estimator.py:30 subprocess.run(['claude', '-p', ...]) with shell … |
| Environment | NONE | READ | ✗ Violation | scripts/claude_estimator.py:63 reads ANTHROPIC_API_KEY from os.environ and ~/.op… |
| Skill Invoke | NONE | READ | ✓ Aligned | scripts/auto_trader.py:45 imports from sibling kalshi-command-center skill |
| Database | NONE | WRITE | ✗ Violation | scripts/brier_tracker.py:63 creates SQLite DB at ~/.openclaw/state/brier_tracker… |
11 findings

| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://kalshi.com | SKILL.md:37 |
| Medium | External URL | https://console.anthropic.com | SKILL.md:43 |
| Medium | External URL | https://polygon.io | SKILL.md:49 |
| Medium | External URL | https://ollama.ai | SKILL.md:62 |
| Medium | External URL | https://status.kalshi.com | SKILL.md:621 |
| Medium | External URL | https://x.com/KingMadeLLC | SKILL.md:732 |
| Medium | External URL | https://api.elections.kalshi.com/trade-api/v2/portfolio/orders/ | scripts/auto_trader.py:409 |
| Medium | External URL | https://api.elections.kalshi.com/trade-api/v2/portfolio/positions?limit=1 | scripts/kalshalyst.py:152 |
| Medium | External URL | https://api.elections.kalshi.com/trade-api/v2/markets | scripts/kalshalyst.py:456 |
| Medium | External URL | https://api.elections.kalshi.com/trade-api/v2 | scripts/kalshalyst.py:854 |
| Medium | External URL | https://api.elections.kalshi.com/trade-api/v2/markets/ | scripts/pnl_tracker.py:525 |

File Tree

17 files · 267.5 KB · 7728 lines
Python 10f · 5392L | Markdown 6f · 2332L | Text 1f · 4L
├─ 📁 references
│ ├─ 📝 blocklist.md Markdown 368L · 11.4 KB
│ ├─ 📝 brier-schema.md Markdown 524L · 14.1 KB
│ ├─ 📝 contrarian-prompt.md Markdown 274L · 9.6 KB
│ └─ 📝 kelly-math.md Markdown 386L · 10.3 KB
├─ 📁 scripts
│ ├─ 🐍 auto_trader.py Python 883L · 38.4 KB
│ ├─ 🐍 brier_tracker.py Python 346L · 11.2 KB
│ ├─ 🐍 circuit_breaker.py Python 242L · 8.9 KB
│ ├─ 🐍 claude_estimator.py Python 443L · 16.5 KB
│ ├─ 🐍 kalshalyst.py Python 876L · 31.5 KB
│ ├─ 🐍 kelly_size.py Python 275L · 9.1 KB
│ ├─ 🐍 pnl_tracker.py Python 1111L · 39.9 KB
│ ├─ 🐍 qwen_analyzer.py Python 201L · 6.0 KB
│ ├─ 🐍 sports_estimator.py Python 670L · 23.0 KB
│ └─ 🐍 trade_ledger.py Python 345L · 10.8 KB
├─ 📝 README.md Markdown 46L · 2.6 KB
├─ 📄 requirements.txt Text 4L · 70 B
└─ 📝 SKILL.md Markdown 734L · 24.1 KB

Dependencies 6 items

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| kalshi-python | 1.0.0 | pip | No | Pinned |
| anthropic | 0.18.0 | pip | No | Pinned to major.minor |
| requests | 2.32.5 | pip | No | Pinned |
| pyyaml | 6.0.3 | pip | No | Pinned |
| sqlite3 | stdlib | Python stdlib | No | Built-in module for Brier tracking |
| claude-cli | unpinned | system | No | External CLI binary, version not declared |

Security Positives

✓ No credential exfiltration — API keys only used for intended Kalshi/Anthropic API calls
✓ No obfuscation — all code is readable Python with clear intent
✓ No base64, no eval(), no reverse shell, no C2 patterns detected
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or system directories outside ~/.openclaw/
✓ Comprehensive safety controls: circuit breaker pattern, reconciliation with portfolio API, daily loss limits, max exposure caps
✓ Pinned dependencies with known versions in requirements.txt (kalshi-python==1.0.0, anthropic==0.18.0, requests==2.32.5, pyyaml==6.0.3)
✓ Demo mode gracefully handles missing credentials without crashes
✓ File locking (fcntl) on trade log writes prevents corruption
✓ All network calls go to documented, legitimate endpoints (Kalshi, Anthropic, Polygon)
✓ Trade ledger serves as a resilient fallback when API is unavailable — good defense-in-depth design