Ministry of Land, Infrastructure and Transport (MOLIT) Real Estate Actual Transaction Prices

Security checks across malware telemetry and agentic risk

Overview

This real-estate lookup skill mostly matches its stated purpose, but its script has a real code-execution risk and confusing credential handling that require review before use.

Review or fix the script before installing. At minimum: pass parameters to Python as argv or environment variables; validate the district code, YYYYMM, and row count; use the documented user-owned credential path or an environment variable; and store the API key with restrictive permissions such as chmod 600. Expect the skill to contact data.go.kr and optionally route related requests to search, law, weather, or finance tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger expressions for intent routing are broad enough to match ordinary conversation, which can cause this skill to activate unexpectedly and pull external real-estate data when the user did not clearly request it. In an agent ecosystem, ambiguous routing increases the risk of unintended tool use, incorrect context switching, and disclosure of user context to external connectors.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The cross-skill trigger phrase is vague and can collide with many normal requests, potentially invoking legal-search functionality without sufficient user intent or scope boundaries. Because cross-skill execution may expand the set of tools and data sources used, ambiguous triggers increase the chance of unnecessary data sharing and unintended actions across skills.

Vague Triggers

Medium
Confidence
84% confidence
Finding
This trigger is ambiguous and lacks scope constraints, so common phrases about environment or investment could cause the agent to branch into unrelated partner skills. In a multi-skill environment, this broad routing can lead to unintended external calls, over-collection of contextual data, and confusing or policy-bypassing behavior.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script reads a local API key from a fixed filesystem path and uses it automatically without any disclosure or consent prompt. In an agent/skill context, accessing local credentials can surprise users, couple execution to a sensitive host secret, and expose that credential through downstream errors, logging, or unintended reuse.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script sends a request to an external government API using local inputs and the loaded API key, but gives no explicit user-facing notice that data and credentials will be transmitted off-host. In a skill setting, undisclosed outbound network access is a real security concern because it can leak usage patterns, query data, and consume or expose the caller's API-backed identity.

Session Persistence

Medium
Category
Rogue Agent
Content
2. Log in → My Page → copy the **General Authentication Key (Decoding)**
3. Save the API key:
   ```bash
   mkdir -p ~/.config/data-go-kr
   echo "YOUR_API_KEY" > ~/.config/data-go-kr/api_key
   ```
4. Submit a **usage request** for the services below before use (auto-approved)
Confidence
78% confidence
Finding
mkdir -p ~/.config/data-go-kr echo "YOUR_API_KEY" > ~/.config

VirusTotal

64/64 vendors flagged this skill as clean.
