Zerodha
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Zerodha CLI command router, but it handles brokerage credentials and can produce trading/order commands without an explicit approval checkpoint.
Install only if you are comfortable letting the agent help construct Zerodha CLI commands involving brokerage credentials and real trading actions. Do not let order placement, modification, cancellation, or credential setup run automatically; review every command carefully, especially commands containing API secrets or order details.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. If a generated command is executed, it could place, modify, or cancel real brokerage orders.
The skill covers financial order-changing actions and only specifies missing-field validation for write actions; the artifact does not show a mandatory confirmation or approval step before producing an order command.
Evidence: "Use when a user asks to ... place/modify/cancel orders...; ... Never guess missing required fields for write actions; ask for the missing values."
Recommendation: Require explicit user confirmation for every order-changing command, show a clear preview of account, symbol, side, quantity, price, and product, and avoid executing such commands automatically.
2. The agent/chat may handle high-value brokerage credentials, and generated commands may expose secrets in command history or process logs if copied and run directly.
The skill instructs the agent to handle brokerage API keys, API secrets, access tokens, and refresh-token-backed profiles, while the provided metadata declares no primary credential or required environment variables.
Evidence: `zerodha config profile add <profile_name> --api-key <key> --api-secret <secret> --set-active`; "... API data/order commands require an access token. ... CLI auto-refreshes access token when refresh token exists."
Recommendation: Declare credential requirements clearly, prefer secure prompts or keychain/env-based credential entry instead of command-line secrets, and warn users not to paste long-lived trading credentials into chat unless they understand the risk.
3. Running the installer gives remote script code access to the local machine during setup.
The documented installer executes remote GitHub scripts directly. This is a disclosed, user-directed setup path for the CLI, but it has typical remote-script provenance risk and is not represented by an install spec.
Evidence: `curl -fsSL https://raw.githubusercontent.com/jatinbansal1998/zerodha-kite-cli/main/scripts/install.sh | sh` ... `irm https://raw.githubusercontent.com/jatinbansal1998/zerodha-kite-cli/main/scripts/install.ps1 | iex`
Recommendation: Inspect the installer first, use a pinned release or commit if available, and avoid running pipe-to-shell or PowerShell `iex` installers unless the source is trusted.
4. API keys, API secrets, or login tokens may remain in the chat/session context while authentication is being completed.
The login flow asks the agent to retain sensitive auth inputs across messages during the task. This is limited to the login task, but it still places brokerage secrets in conversational context.
Evidence: "Persist auth fields provided in earlier user messages during the same login task."
Recommendation: Prefer entering secrets directly into the trusted CLI when possible, avoid sharing long-lived credentials in chat, and clear or rotate credentials if they may have been exposed.
