Movie Rec Personal CN

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill behaves consistently with its stated purpose: it fetches public movie data, reads a user-provided movie preference profile, and optionally posts a weekly report to Feishu. No hidden exfiltration or destructive behavior was found.

Before installing, review the included Python script and keep profile.json limited to movie preferences. If you enable the cron job, verify the Feishu chat destination and remember that the report may be sent automatically each week.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may modify the movie preference profile when you ask it to update your watched or liked movies.

Why it was flagged

The skill can run Python commands and read/write local files, including updating the local preference profile. This is disclosed and directly supports the stated workflow.

Skill content

allowed-tools: Bash(python3:*), Read, Write ... The AI will update the `liked_movies` array in `profile.json`.

Recommendation

Review profile.json after edits and only ask the skill to update preference data you are comfortable storing locally.

What this means

Your profile can influence future recommendations and may contain personal taste information.

Why it was flagged

The recommendation logic depends on a persistent profile file that stores user movie preferences and is reused across runs.

Skill content

The AI reads from `profile.json`: ... `liked_movies` ... `core_traits` ... `recommendation_rules`

Recommendation

Keep profile.json limited to movie-preference details and remove anything you would not want reused in future recommendations.

What this means

The generated recommendation report, potentially including parts of your preferences, may be posted to the configured Feishu chat.

Why it was flagged

The weekly report is designed to be delivered to an external Feishu chat, which is expected for the skill but crosses a communication boundary.

Skill content

"delivery": { "mode": "announce", "channel": "feishu", "to": "你的飞书 open_chat_id" }

Recommendation

Confirm the Feishu open_chat_id points to the intended private chat or group before enabling scheduled delivery.

What this means

If you set up the cron job, the agent will periodically fetch movie data and post reports without a manual prompt each week.

Why it was flagged

The skill documents an optional recurring cron job that runs weekly and sends the report. This is disclosed and user-configured, not hidden persistence.

Skill content

Create a cron job in OpenClaw that runs once a week ... "schedule": "0 18 * * 5"

Recommendation

Enable the cron job only if you want recurring reports, and disable it when you no longer need automated recommendations.