← Back to Skills Marketplace
sw326

국토부 부동산 실거래가

by 김성우 · GitHub ↗ · v2.2.0
cross-platform ⚠ suspicious
529
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install molit-real-estate
Description
MOLIT apartment real transaction price API
Usage Guidance
The skill implements the claimed MOLIT API calls, but it contains a clear inconsistency: SKILL.md tells users to save their API key at ~/.config/data-go-kr/api_key while the script reads /home/scott/.config/data-go-kr/api_key. Before installing or using this skill: 1) Inspect and edit scripts/real_estate.sh to remove the hardcoded '/home/scott' path (use $HOME or the documented ~/.config path, or better accept an env var). 2) Require the skill metadata to declare the config path or env variable for the API key so the agent can surface that requirement. 3) Consider storing the key with correct permissions and avoid putting secrets into logs; note the script sends the key as a URL parameter (common for this API) which can show up in server logs—if concerned, prefer POST or server-side proxying. 4) Test the script in a sandbox with your key and confirm it only queries apis.data.go.kr and prints results. If you are not comfortable editing the script to remove the hardcoded path, do not install the skill.
Capability Analysis
Type: OpenClaw Skill Name: molit-real-estate Version: 2.2.0 The skill is classified as suspicious due to a critical shell injection vulnerability in `scripts/real_estate.sh`. The script directly interpolates user-controlled arguments (`$1`, `$2`, `$3`) into a `python3 -c "..."` command without proper escaping. This allows an attacker, via prompt injection against the OpenClaw agent, to execute arbitrary shell commands on the host system, leading to Remote Code Execution (RCE). Additionally, the script hardcodes the API key path to `/home/scott/.config/data-go-kr/api_key`, which is a bug that may prevent the skill from functioning correctly for other users.
Capability Assessment
Purpose & Capability
The skill's stated purpose (query MOLIT real transaction API) matches the network call in scripts/real_estate.sh, so functionality is coherent. However, the metadata claims no required config/credentials while SKILL.md and the script both rely on a local API key file — that discrepancy is unexpected and disproportionate to the stated metadata.
Instruction Scope
SKILL.md instructs storing the API key at ~/.config/data-go-kr/api_key, but scripts/real_estate.sh opens '/home/scott/.config/data-go-kr/api_key' (an absolute, user-specific path). The script reads a local file and makes outbound HTTPS calls to the public MOLIT endpoint (expected), but the hardcoded /home/scott path is out-of-scope for a general skill and may cause accidental disclosure or failed runs.
Install Mechanism
No install spec (instruction-only plus an included script). Nothing is downloaded or extracted from arbitrary URLs; risk from install mechanism is low.
Credentials
The skill requires an API key to call data.go.kr, yet registry metadata declares no required env vars or config paths. The SKILL.md suggests storing a key in ~/.config/data-go-kr/api_key but the script ignores that and reads a hardcoded '/home/scott' path. This is a mismatch and an overreach (the skill should declare a single, configurable credential location or allow passing the key via env var).
Persistence & Privilege
The skill is not always-enabled and does not request system-wide privileges. It does not modify other skills or global configuration in the provided materials.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install molit-real-estate
  3. After installation, invoke the skill by name or use /molit-real-estate
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.2.0
아파트 실거래가 조회 — 국토교통부 MOLIT API
Metadata
Slug molit-real-estate
Version 2.2.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is 국토부 부동산 실거래가?

MOLIT apartment real transaction price API. It is an AI Agent Skill for Claude Code / OpenClaw, with 529 downloads so far.

How do I install 국토부 부동산 실거래가?

Run "/install molit-real-estate" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 국토부 부동산 실거래가 free?

Yes, 국토부 부동산 실거래가 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does 국토부 부동산 실거래가 support?

국토부 부동산 실거래가 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 국토부 부동산 실거래가?

It is built and maintained by 김성우 (@sw326); the current version is v2.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments