ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Korea Eximbank Exchange CLI

v0.1.0

Korea Eximbank (한국수출입은행) OpenAPI 환율(AP01/AP02/AP12) 조회 CLI — 날짜/통화 필터, JSON/CSV 출력 지원

0· 73·0 current·0 all-time
byChloe Park@chloepark85

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chloepark85/korea-eximbank-exchange-cli.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Korea Eximbank Exchange CLI" (chloepark85/korea-eximbank-exchange-cli) from ClawHub.
Skill page: https://clawhub.ai/chloepark85/korea-eximbank-exchange-cli
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: KOREAEXIM_API_KEY
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install korea-eximbank-exchange-cli

ClawHub CLI

Package manager switcher

npx clawhub@latest install korea-eximbank-exchange-cli
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be a CLI for Korea Eximbank OpenAPI and requires only KOREAEXIM_API_KEY, which is appropriate. However, there are no code files or install specification bundled with the skill despite the README showing a package/CLI (eximbank-exchange). That gap makes the skill incomplete or misleading: either the skill expects the user/agent to fetch/install external code (not documented in the skill metadata) or the packaged CLI is missing.
Instruction Scope
SKILL.md only instructs to set KOREAEXIM_API_KEY and run the CLI (eximbank-exchange) and includes a pip install -e . instruction. The instructions reference only the declared env var and the official API URL — no unrelated files, secrets, or system paths are requested. The concern is the instruction to run pip install -e . (which modifies the local Python environment) while no package is provided in the skill bundle.
Install Mechanism
There is no install spec in the skill metadata (instruction-only), which is low-install risk. But SKILL.md suggests installing the package locally with `pip install -e .`; since the skill package contents are not included, that instruction is inconsistent and would require obtaining code externally (e.g., from the GitHub repo). Downloading and pip-installing code from an external source carries typical supply-chain risk and should be reviewed before running.
Credentials
Only a single environment variable (KOREAEXIM_API_KEY) is required and that aligns with the skill's purpose of querying the Korea Eximbank OpenAPI. No unrelated credentials or config paths are requested.
Persistence & Privilege
The skill is not marked always:true and uses default autonomous-invocation settings. It does not request persistent system privileges or modification of other skills' configurations. No additional privilege concerns detected.
What to consider before installing
This skill appears to be an instructions-only wrapper for a CLI that calls Korea Eximbank's OpenAPI and legitimately needs only your KOREAEXIM_API_KEY. However, the skill bundle does not include the CLI code or an install spec even though SKILL.md tells you to `pip install -e .` and run `eximbank-exchange`. Before installing or running anything, do the following: 1) Inspect the referenced GitHub repo (https://github.com/ChloePark85/korea-eximbank-exchange-cli) yourself — review the source, setup.py/pyproject, and entry points that create the CLI. 2) If you decide to install, avoid running `pip install -e .` in a production environment — use an isolated virtualenv or container. 3) Verify the package integrity (releases/tags) and prefer installing from an official released package rather than arbitrary master/main snapshots. 4) Limit the API key's scope and do not reuse high-privilege credentials; rotate the key if you test it with an untrusted package. 5) If you only need a quick query, consider making direct HTTP calls to the documented API endpoint instead of installing unverified code. These steps reduce supply-chain and credential-exposure risks.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

EnvKOREAEXIM_API_KEY
Primary envKOREAEXIM_API_KEY
latestvk978bzvttbb30vw9yfbah20aj185dvxg
73downloads
0stars
1versions
Updated 5d ago
v0.1.0
MIT-0
Chloe Park@chloepark85
latest
Download

Korea Eximbank Exchange CLI

Korea Eximbank (한국수출입은행) OpenAPI 기반 환율 조회 CLI이다. 지정한 날짜의 KRW 기준 환율표(AP01/일반고시환율 등)를 JSON/CSV로 출력한다.

설치

pip install -e .

사용법

export KOREAEXIM_API_KEY="<발급키>"
eximbank-exchange --date 2024-12-31 --table AP01 --format json | jq '.'

옵션:

  • --date YYYY-MM-DD 또는 YYYYMMDD (기본: 오늘, KST)
  • --table AP01|AP02|AP12 (기본: AP01)
  • --format json|csv (기본: json)
  • --filter <CURRENCY> 특정 통화만 필터 (예: USD, JPY)

예시

eximbank-exchange --date 2025-01-02 --table AP01 --filter USD --format csv

주의사항

  • 영업일이 아닌 경우 API는 빈 배열([])을 반환할 수 있다.
  • 요청 제한이 있을 수 있으며, 오류 시 API의 msg 필드를 확인하라.

Comments

Loading comments...