kalshi-api
Warn
Audited by Snyk on Jun 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading integration for the Kalshi exchange. It includes authenticated request signing with a private key and concrete endpoints and request schemas that perform money-moving actions: POST /portfolio/orders (place orders), DELETE /portfolio/orders/{id} (cancel), POST /portfolio/orders/{id}/amend, /decrease, and /portfolio/orders/batched, plus balance, positions, fills, and settlements. The README provides example code to sign and send those requests. This is a purpose-built financial execution interface (place/cancel/amend orders), not a generic tool, so it grants direct financial execution capability.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata