Is jatinbansal1998/zerodha-kite safe?

https://github.com/openclaw/skills/tree/main/skills/jatinbansal1998/zerodha-kite

76
CAUTION

This skill provides legitimate CLI routing functionality for Zerodha trading commands but contains critical security issues in its installation instructions. It instructs users to download and execute shell scripts directly from the internet, bypassing normal security controls, which poses a significant risk of system compromise.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 20/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 60/100 · 5%

Findings (4)

CRITICAL Dangerous Script Execution Instructions -60

The skill instructs users to download and execute shell scripts directly from the internet using curl/wget piped to sh, which completely bypasses security controls and could lead to arbitrary code execution.

HIGH PowerShell Execution Policy Bypass -20

The skill instructs Windows users to bypass PowerShell execution policies, which is a dangerous security practice that disables built-in protections.

MEDIUM External Script Dependency Risk -15

While the skill itself doesn't exfiltrate data, it instructs users to execute external scripts that could potentially access and exfiltrate sensitive system data.

MEDIUM Promotes Dangerous Security Practices -40

The skill normalizes extremely dangerous installation practices that could lead to system compromise if the external repository is compromised or if users apply similar patterns elsewhere.