Security Audit

JThomasDevs/kalshi-agent:root

github.com/JThomasDevs/kalshi-agent

AI SkillCommit 1da8ba3c5c4c

TRUSTED

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

JThomasDevs/kalshi-agent:root received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unpinned npm dependency.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on May 1, 2026 (commit 1da8ba3c). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

85%

Dependency Graph

100%

LLM Behavioral Safety

100%

Security Findings1

Severity	Finding	Layer	Location
HIGH	Unpinned npm dependency The skill specifies an npm package 'kalshi-cli' without a version constraint. This means that during installation, the latest version available will be pulled. This can lead to supply chain risks if a malicious or vulnerable version is published in the future, or if breaking changes are introduced that affect the skill's functionality or security. Pin the npm dependency 'kalshi-cli' to a specific, known-good version (e.g., 'kalshi-cli@1.2.3') to ensure deterministic and secure installations. Regularly review and update the pinned version.	Static	Manifest:10

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/5aeab2d69a98d670.svg)](https://skillshield.io/report/5aeab2d69a98d670)