MIJ Kakao Local API (PowerShell)
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent Kakao address and place lookup skill, but it uses a Kakao API key, external Kakao lookups, and optional local caching that users should configure carefully.
Before installing, confirm you are comfortable sending address, place, and optional coordinate searches to Kakao. Use a dedicated Kakao REST API key, keep config.json out of version control, and review any PowerShell script you create or run because the package is instruction-only.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can make Kakao API requests using your Kakao app key; if the key is exposed, someone could consume quota or use enabled Kakao APIs for that app.
The skill requires a Kakao service credential and recommends storing it in an environment variable or config file. This is expected for Kakao API access, but the credential should be protected.
- Kakao Developers REST API Key ... [Environment]::SetEnvironmentVariable("KAKAO_REST_API_KEY", "your_rest_api_key_here", "User")Use a dedicated Kakao REST API key, avoid committing config.json, prefer environment/session storage where practical, and rotate the key if it is exposed.
Address, keyword, and optional coordinate searches are sent to Kakao when the skill is used.
The reference script invokes local curl.exe to call the Kakao API with the authorization header. This command/network use is disclosed and central to the skill's purpose.
$curlPath = "curl.exe" ... $response = & $curlPath -s -X GET $url -H $authHeader
Use the skill only when external Kakao lookups are intended, and avoid submitting sensitive locations or queries unless that data sharing is acceptable.
Saved addresses, places, and search history could reveal location interests if the local files are shared, synced, or reused by another workflow.
The integration examples show saving favorite places and cached search results to local JSON files. This is user-directed example behavior, but it may persist location-related data for later reuse.
Out-File ".\skills\kakao-local\data\places.json" ... Out-File ".\skills\kakao-local\data\cache.json"
Treat saved places and cache files as private data, clear them when no longer needed, and do not treat cached results as authoritative without checking freshness.
A user could accidentally run a different local script than the reviewed reference if they recreate the helper manually.
The package is instruction-only and has unknown source provenance, while the documentation references a PowerShell helper script. No hidden installer is shown, but users may need to manually create or copy runnable code.
Source: unknown ... No install spec — this is an instruction-only skill. No code files present
If creating the PowerShell script, copy only from the reviewed reference content, verify the Kakao endpoints, and avoid downloading replacement scripts from untrusted sources.