KIS Trading (한국투자증권)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real KIS brokerage helper, but it can submit live stock orders without an enforced confirmation step inside the order script.

Install only if you intentionally want an agent to access your KIS brokerage account. Start with the mock trading endpoint, keep ~/.kis-trading/config.ini and token.json private, verify BASE_URL before any use, run order.py with --dry-run first, and require explicit approval before any non-dry-run buy or sell command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill invokes Python scripts that can write/read local files, execute shell commands, and access the KIS trading API over the network, but it declares no permissions or capability boundaries. In a trading skill, this is dangerous because the effective actions include account access and live order placement; without explicit permission declarations, an agent framework may not surface the true risk to users or may allow broader execution than expected.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The order examples use broad conversational triggers like '삼성전자 10주 매수' and '카카오 5주 매도', which could be interpreted from ordinary chat without strict activation boundaries. In a live stock-trading skill, ambiguous transactional invocation is especially dangerous because misrouting or accidental execution could place real buy/sell orders affecting the user's account and funds.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This reference explicitly documents live trading actions such as buy, sell, and modify/cancel orders, but provides no warning that these operations can affect real user funds and positions. In a trading skill, omission of such safety context increases the risk of accidental execution, especially because both production and paper-trading environments are listed and the live endpoint is presented first.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document includes sensitive authentication headers such as bearer tokens, app keys, and app secrets without any handling guidance or warning against logging, sharing, or embedding them in prompts and code snippets. In a brokerage API context, exposure of these credentials can enable unauthorized account access and potentially fraudulent trading or data retrieval.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The module persists an access token to ~/.kis-trading/token.json, creating local credential material on disk without any notice or opt-in in this code path. On shared systems, backup-synced home directories, or weakly secured environments, this increases the chance of token exposure and unauthorized API use during the token lifetime.

VirusTotal

40/40 vendors flagged this skill as clean.
