Maoyan CLI
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward Maoyan movie-theater query skill; the main things to notice are local Python execution, Maoyan network requests, optional location use, and limited source provenance.
This skill looks reasonable for querying Maoyan showtimes and cinema data. Before installing, be comfortable running the included Python script and sending movie/cinema queries to Maoyan; only share precise location when distance-based results are needed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill runs the included Python CLI on the local machine.
The skill explicitly works by running a local Python script. This is central to the documented CLI purpose, but it still means the user’s agent will execute local code.
本技能通过执行本地 Python 脚本查阅猫眼电影数据。
Install and invoke it only if you trust the skill package; avoid changing the documented commands to run unrelated code.
If you provide precise location, it may be used in Maoyan cinema queries for distance sorting.
The skill directs the agent to use latitude/longitude when available so results can be sorted by distance. That is relevant to cinema lookup, but it can disclose precise location to the external Maoyan-backed query flow.
如果有用户的具体位置信息,请传入经纬度以按距离排序。
Only provide exact latitude/longitude when you want location-based sorting; otherwise use city-level queries.
It may be harder to independently verify the publisher, upstream code history, or maintenance source.
The registry information does not provide an upstream source or homepage, which limits provenance verification even though the included behavior appears coherent and purpose-aligned.
Source: unknown; Homepage: none
Review the included script and publisher information before installing, especially if using it in a sensitive environment.