dapp-kalshi

SUSPICIOUS. The stated Kalshi trading purpose matches the high-level commands, but the core execution path is not coherent with the publisher identity: it installs and updates plugin-store from an unrelated personal GitHub raw script, then forwards Kalshi API credentials to that external CLI. Because the skill enables real-money trading and relies on an unverifiable installed tool for authenticated actions, the risk is high even without proof of active exfiltration.