pp-kalshi
Warn
Audited by Socket on May 15, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The skill’s stated analytics purpose is only partly aligned with its actual footprint: it installs third-party CLIs from a different publisher namespace, accepts sensitive Kalshi signing credentials, enables live trading and fund-transfer actions, and can POST outputs to arbitrary webhooks. This is not confirmed malware, but it is a high-risk financial automation skill with notable supply-chain and data-flow concerns.
Confidence: 85%Severity: 82%
Audit Metadata