Security Audit
JThomasDevs/kalshi-agent:root
github.com/JThomasDevs/kalshi-agentTrust Assessment
JThomasDevs/kalshi-agent:root received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 0 high, 3 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Persistence mechanism: Shell RC file modification, Sensitive environment variable access: $HOME.
The analysis covered 4 layers: dependency_graph, llm_behavioral_safety, manifest_analysis, static_code_analysis. The manifest_analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 8, 2026 (commit 1af9b54c). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Unknown | /tmp/skillscan-clone-6pus16aa/repo/SKILL.md:12 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Unknown | /tmp/skillscan-clone-6pus16aa/repo/install.sh:46 | |
| CRITICAL | Dynamic Code Loading via External Git Clone The installation script downloads the skill's core logic from an external GitHub repository at runtime. This 'dropper' behavior bypasses static security analysis, as the actual code being executed is not present in the skill package. Furthermore, the script pulls the latest version (unpinned), meaning the code can change at any time, introducing a severe supply chain risk. Bundle the source code within the skill package. Do not rely on runtime `git clone`. If external code is required, use a package manager with pinned versions/hashes or pin the git repository to a specific commit hash. | Unknown | install.sh:12 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Unknown | /tmp/skillscan-clone-6pus16aa/repo/SKILL.md:12 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Unknown | /tmp/skillscan-clone-6pus16aa/repo/install.sh:26 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Unknown | /tmp/skillscan-clone-6pus16aa/repo/install.sh:46 |
Scan History
Embed Code
[](https://skillshield.io/report/5aeab2d69a98d670)
Powered by SkillShield