pp-kalshi

Warn

Audited by Socket on May 15, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill’s stated analytics purpose is only partly aligned with its actual footprint: it installs third-party CLIs from a different publisher namespace, accepts sensitive Kalshi signing credentials, enables live trading and fund-transfer actions, and can POST outputs to arbitrary webhooks. This is not confirmed malware, but it is a high-risk financial automation skill with notable supply-chain and data-flow concerns.

Confidence: 85%Severity: 82%
Audit Metadata
Analyzed At
May 15, 2026, 01:45 PM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-kalshi%2F@8810fa8c4f16c6a4894b7e268b2f76005c61a90c
Security Audit — socket — pp-kalshi