Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Korean Law/Case Search

Korean law/case search via law.go.kr + data.go.kr APIs. Use for legal questions, statute lookup, court cases, and everyday legal info.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by 김성우 @sw326
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
SKILL.md and description claim primary integration with law.go.kr (with an OC credential stored at ~/.config/law-go-kr/credentials.json), but the included scripts exclusively call data.go.kr endpoints and read ~/.config/data-go-kr/api_key. The registry metadata declares no required env or config paths, which is inconsistent with the scripts' expectation of local credential files. Asking for a law.go.kr credential in docs while code never uses it is disproportionate and confusing.
[!] Instruction Scope
The runtime scripts perform only API queries and XML→JSON parsing (expected for this skill) but: (1) they call apis.data.go.kr over plain HTTP (http://) and include the serviceKey in the request URL, exposing API keys in cleartext on the network; (2) they build python -c invocations like print(urllib.parse.quote('$QUERY')) where $QUERY is expanded unescaped by the shell — this construction is vulnerable to command substitution/injection if the query string contains shell metacharacters; (3) SKILL.md references connectors for saving/notification (Notion, Telegram) but scripts do not implement or declare network destinations beyond the official APIs. The scripts only read local config files and do not exfiltrate data to unexpected endpoints, but the HTTP + quoting issues are significant.
Install Mechanism
No install spec is provided (instruction-only with bundled scripts). Nothing is downloaded or installed automatically by the skill bundle, which minimizes installation risk. The included shell/Python scripts are plain text and run locally when invoked.
[!] Credentials
The skill metadata declared no required environment variables or config paths, yet the scripts expect ~/.config/data-go-kr/api_key (and SKILL.md suggests ~/.config/law-go-kr/credentials.json). This mismatch is problematic: the skill will silently read local credential files that were not declared as required. Also, transmitting the data.go.kr serviceKey over HTTP is a credential exposure risk. The number and placement of credentials requested by the documentation and code are inconsistent and not properly declared.
Persistence & Privilege
The skill does not request always:true and includes no install-time modifications. It does not modify other skills or system-wide settings. It simply runs scripts on demand and reads per-user config files.
What to consider before installing
This skill appears to be what it says (a Korean law/case search), but it has several concrete issues you should address before enabling it for routine use:

1) Declaration mismatch: The skill metadata declares no required credentials/config paths, yet the scripts read ~/.config/data-go-kr/api_key (and the docs mention ~/.config/law-go-kr/credentials.json). Ask the author to update the metadata to list required config paths or remove undeclared file access. Only provide the specific API key the skill actually needs (preferably a limited-scope key).

2) Network security: The scripts call data.go.kr over plain HTTP and include the API key in the URL. This exposes your key on the network. Require HTTPS endpoints (or confirm the official API supports HTTPS) before using real keys.

3) Shell injection risk: The scripts build python -c commands that interpolate unescaped user input ($QUERY). If the skill runs these scripts with input derived from user queries, a specially crafted query could trigger shell substitution. Recommend the author rewrite encoding routines to avoid shell interpolation (for example, pass query strings as arguments or use printf %q, or use a safe wrapper in Python that reads from stdin/argv).

4) Credential scope and origin: SKILL.md claims law.go.kr is the primary API but the scripts only use data.go.kr. Clarify which API is primary and remove unused credential steps—or implement law.go.kr support if intended.

5) Operational precautions: Until the above are fixed, run the skill in a restricted environment (sandbox/container), do not supply high-privilege credentials, and review the scripts locally. If you must use it now, create a throwaway or limited-scope API key at data.go.kr and monitor its usage.

If the author provides updated metadata (declared config paths), switches to HTTPS, and fixes argument quoting/escaping, the incoherence and immediate security concerns would be addressed.


Current version: v2.1.0


SKILL.md

Law & Case Search Skill

Korea Legislation Research Institute (MOLEG) law search, statute detail, case search. Inspired by Cowork Legal plugin architecture.

Overview

| Key | Value |
|---|---|
| Provider | MOLEG (Ministry of Government Legislation) |
| API Source | law.go.kr (primary) + data.go.kr (fallback) |
| Auth (law.go.kr) | ~/.config/law-go-kr/credentials.json → OC code |
| Auth (data.go.kr) | ~/.config/data-go-kr/api_key |
| Daily limit | 10,000 calls |
| Playbook | playbook.md |

Scripts

scripts/
├── law_search.sh   → Search laws by keyword
├── law_detail.sh   → Statute text by law ID
├── case_search.sh  → Court case search
└── life_law.sh     → Everyday legal info search

Workflow

Step 1: Analyze question

  • Extract legal keywords from user question
  • Match against playbook.md interest areas
  • Decide strategy: statute-focused? case-focused? combined?

Step 2: Search statutes

  • law_search.sh "keyword" → list of relevant laws

Step 3: Fetch statute text (if needed)

  • law_detail.sh [law_id] → specific articles

Step 4: Search cases

  • case_search.sh "keyword" → relevant court decisions

Step 5: Everyday legal info (optional)

  • life_law.sh "keyword" → plain-language legal guide

Step 6: Structured response using template

Output Template

Action-first structure: lead with what to DO, then back it up with law.

## ⚖️ [Topic]

### 📋 Core Answer
[1-2 sentence conclusion — what the user needs to know]

### 🚶 What To Do (practical steps)
1. [Concrete action step] — with conditions/branches if needed
2. [Next step]
3. [Final step]
※ [Situation-specific branch: "If X, then A; if Y, then B"]

### 📖 Legal Basis
**[Law Name]** Art. X (Effective YYYY.MM.DD)
> ① Original text...
> → Plain language: [simplified explanation]

**[Related Law]** Art. Y (if applicable)
> ...

### ⚖️ Related Case (if relevant)
**[Case Number]** ([Court], YYYY.MM.DD)
> Key point: [one-line holding]

### 🔗 References
- [Statute](https://www.law.go.kr/...)

⚠️ Reference only — not legal advice. Consult an attorney for important decisions.

Principles:

  1. User's action = main content; statutes = supporting evidence
  2. Branch by situation (listed vs unlisted company, etc.)
  3. Cite specific articles, not just law names
  4. Ask follow-up if context is needed for better advice

API Endpoints

law.go.kr (Primary)

| Target | Description | URL |
|---|---|---|
| law | Statute search/detail | https://www.law.go.kr/DRF/lawSearch.do?OC={oc}&target=law&type=JSON |
| prec | Court cases | ...&target=prec&type=JSON |
| detc | Interpretation examples | ...&target=detc&type=JSON |
| admrul | Administrative rules | ...&target=admrul&type=JSON |

data.go.kr (Fallback)

| API | Data ID | Endpoint |
|---|---|---|
| Statute search | 15000115 | http://apis.data.go.kr/1170000/law/lawSearchList.do |
| Everyday law | 15000215 | http://apis.data.go.kr/1170000/lifeLawSearch/lifeLawSearchList.do |
| Case text | 15057123 | (linked to law.go.kr) |

Connectors

| Placeholder | Purpose | Current Tool |
|---|---|---|
| ~~law | Law/case API | law.go.kr, data.go.kr |
| ~~docs | Save results | Notion |
| ~~notify | Alerts | Telegram |
| ~~search | Supplementary search | Brave Search |

Notes

  1. Disclaimer: API info is reference only. Not legal advice.
  2. Currency: Based on current law, but recent amendments may be reflected with a delay.
  3. Format: law.go.kr returns JSON; data.go.kr returns XML → each needs parser.
  4. Priority: law.go.kr JSON first → fallback to data.go.kr XML.
  5. Encoding: URL-encode query parameters.
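
One way to do the URL-encoding in note 5 without pasting the query into Python source, which is the `python -c` construction the scan report above flags. This is an added example, not code from the skill's scripts; the function names, the use of `python3`, and the parameter name `q` in the comment are assumptions.

```shell
#!/bin/sh
# Added example, not part of the skill bundle. All function names are hypothetical.

# Pattern described in the scan report: $QUERY is expanded into the Python
# source text. A single quote in the query ends the string literal, and
# whatever follows is parsed as Python code instead of being treated as data.
urlencode_unsafe() {
    QUERY=$1
    python3 -c "import urllib.parse; print(urllib.parse.quote('$QUERY'))"
}

# Hardened form: the Python source is a fixed, single-quoted string and the
# query travels as argv[1], so it is never parsed as shell or Python code.
# safe="" also encodes "/" so a value cannot change the URL path.
urlencode() {
    python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1], safe=""))' "$1"
}

# Join name=value pairs into a query string, encoding every value.
# Parameter names are supplied by the caller, e.g.
#   build_query "serviceKey=$KEY" "q=$USER_INPUT"   ("q" is a placeholder name)
build_query() {
    out=
    for pair in "$@"; do
        name=${pair%%=*}      # text before the first "="
        value=${pair#*=}      # text after the first "="
        out="${out:+$out&}$name=$(urlencode "$value")"
    done
    printf '%s\n' "$out"
}
```

With a constructed query such as `it's`, `urlencode_unsafe` exits with a Python syntax error, while `urlencode` returns `it%27s`.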

Cowork Legal architecture v2.1 — 🦞 chumjibot (2026-02-14)

🔧 Setup

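MOLEG National Law Information API (primary API)

  1. Sign up at open.law.go.kr
  2. Obtain an OC code (the part of your email address before the @)
  3. mkdir -p ~/.config/law-go-kr && echo '{"oc":"YOUR_OC"}' > ~/.config/law-go-kr/credentials.json

data.go.kr case-law API (secondary)

  1. Sign up at data.go.kr → copy the authentication key
  2. mkdir -p ~/.config/data-go-kr && echo "YOUR_KEY" > ~/.config/data-go-kr/api_key

Even without registering for the MOLEG API, basic statute search is available through the web_search fallback.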
