KIS Trading (한국투자증권)
Verdict: Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: kis-trading
Version: 1.0.0

The OpenClaw AgentSkills bundle for KIS stock trading appears benign. All Python scripts interact with the legitimate Korea Investment & Securities (KIS) Open API for the skill's stated purpose (balance, quotes, orders, history). Sensitive API keys and tokens are handled appropriately, and the access token is cached locally with restricted file permissions. Crucially, SKILL.md explicitly and repeatedly instructs the AI agent to obtain user confirmation before executing any trade order; this reads as a deliberate user-safety measure rather than as malicious prompt injection. No evidence of data exfiltration, malicious execution, persistence, or obfuscation was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent invokes this command prematurely or with misunderstood parameters, it could place real stock trades and cause financial loss.
After printing an order warning, the script immediately calls the order API; there is no required --confirm flag or interactive prompt before a live buy/sell order is submitted.
# Prints a warning (Korean: "Executing a {side_str} order with the details above."), then places the order at once
print(f"\n⚠️ 위 내용으로 {side_str} 주문을 실행합니다.")
result = place_order(cfg, token, args.side, args.code, args.qty, args.price, args.market)

Use the demo KIS endpoint first, require explicit user approval before every order, and consider modifying the script so that --dry-run is the default and live orders require a separate --confirm flag or an interactive confirmation.
Anyone with access to the config or cached token may be able to query account information or place trades through the broker API.
The skill requires broker API credentials and an account number, then caches an access token locally. This is expected for KIS trading, but it grants sensitive account access.
required = ['APP_KEY', 'APP_SECRET', 'ACCOUNT_NO']
...
_TOKEN_FILE = os.path.expanduser('~/.kis-trading/token.json')
...
json.dump({'token': token, 'expired': expired}, f)

Store the config and token files securely, avoid sharing command output or config files, and use the least-privileged or demo credentials where possible.
Users have less external context for verifying the publisher, maintenance history, or authenticity of a financial-trading skill.
The package does not provide an upstream source or homepage. For a skill that handles broker credentials and orders, provenance is important even though the included code is reviewable.
Source: unknown
Homepage: none
Verify the publisher and code before use, and prefer a trusted or auditable source for tools that can access brokerage accounts.
