국토부 부동산 실거래가

The skill is classified as suspicious due to a critical shell injection vulnerability in `scripts/real_estate.sh`. The script directly interpolates user-controlled arguments (`$1`, `$2`, `$3`) into a `python3 -c "..."` command without proper escaping. This allows an attacker, via prompt injection against the OpenClaw agent, to execute arbitrary shell commands on the host system, leading to Remote Code Execution (RCE). Additionally, the script hardcodes the API key path to `/home/scott/.config/data-go-kr/api_key`, which is a bug that may prevent the skill from functioning correctly for other users.