Is kim-dongchul/opendart-disclosure safe?
https://github.com/openclaw/skills/tree/main/skills/kim-dongchul/opendart-disclosure
The opendart-disclosure skill is a straightforward Korean corporate disclosure fetcher that makes legitimate API calls to the South Korean Financial Supervisory Service (FSS) OpenDART platform. The SKILL.md contains no prompt injection attempts, the Python script uses only standard library functions with no subprocess execution or sensitive file access, and the install process was clean with no unexpected network connections or filesystem modifications. The only minor concerns are the API key CLI exposure pattern and a developer lock.json artifact, neither of which poses a meaningful security risk.
Findings (4)
LOW (-18): Executable Python script with outbound HTTP
The skill bundles a Python script that makes HTTP calls to the South Korean FSS OpenDART API. The code is clean, standard-library-only code with no subprocess calls, dynamic execution, or privilege escalation. The cache write to ~/.cache/opendart/ is benign.
LOW (-5): API key via CLI argument may appear in logs
SKILL.md examples show passing the OpenDART API key via --api-key flag. In agent contexts this key may appear in tool call logs or shell history. The OPENDART_API_KEY env var alternative is preferable.
INFO (0): Canary file reads by audit infrastructure confirmed intact
Pre- and post-install canary file reads are attributed to the audit framework, not skill code. All honeypot files confirmed unmodified.
INFO (-5): Developer lock.json artifact present
The .clawhub/lock.json references an unrelated skill (academic-research-hub). This is a development artifact with no attack surface since lock.json is not loaded into the agent context.