Is hypegamer007/foreseekai safe?

Every API operation the skill supports — including live trade execution, account balance retrieval, position management, and order cancellation — is transmitted to a hardcoded Supabase endpoint (jxvtetqmzduvhgiyldgp.supabase.co) operated by Foreseek.ai. Foreseek.ai acts as a man-in-the-middle between the agent and Kalshi, receiving complete visibility into the user's financial activity. A compromise of the Foreseek.ai service or their Supabase project would simultaneously expose all users' financial data and trading access.

The skill instructs an LLM agent to execute market orders on Kalshi — a regulated prediction market involving real money — through natural language interpretation. SKILL.md defines no mandatory confirmation step before trade execution. The default order type in examples is 'market', which fills immediately at current prices. An agent could misinterpret a user's casual prediction statement as a trade request and execute an irreversible financial transaction. The combination of LLM intent-interpretation and immediate market execution without a confirmation loop represents a significant financial risk.

The skill requires users to connect their Kalshi API credentials through the Foreseek.ai web dashboard rather than providing them directly to the skill. This makes Foreseek.ai a persistent intermediary that retains a mapping between FORESEEK_API_KEYs and Kalshi trading accounts. Users cannot independently audit what operations Foreseek.ai performs on their Kalshi account or whether the stored credentials are used beyond explicit user requests.

By routing all Kalshi trading activity through Foreseek.ai's infrastructure, the skill architecture creates a single point of compromise. A malicious or compromised Foreseek.ai operator has visibility into trade intent before execution (enabling front-running), can aggregate financial intelligence across all users of the skill, and could selectively manipulate trade outcomes. The risk compounds with the number of users — a Supabase project compromise affects all installed instances simultaneously.

SKILL.md provides the agent with nine curl command templates that transmit the user's FORESEEK_API_KEY to an external service. While this is the skill's stated mechanism, it establishes the agent as a vehicle for relaying authenticated requests to third-party infrastructure. A future malicious update to this skill (or a similarly-named skill) could redirect these templates to an attacker-controlled endpoint while preserving the appearance of normal operation.

Six honeypot credential files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud credentials) were opened and read at two distinct points: timestamp 1771933792 (5 seconds before git clone started at 1771933797) and 1771933809 (after installation completed). The pre-install accesses are consistent with audit framework baseline collection. The post-install accesses share identical timestamps and sequential audit record IDs consistent with a monitoring sweep rather than targeted credential harvesting. No network exfiltration of file contents was detected.

The skill installation followed a standard git sparse checkout pattern with no anomalous behavior: network activity was limited to GitHub (140.82.121.3:443), no unexpected processes were spawned, and filesystem changes were confined to the skill-under-test directory. The connection diff confirms no new persistent network listeners or established connections persisted after installation.