Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

kakao-local-cli

v0.1.1

Command-line tool for Kakao Local API supporting keyword/category place search, geocoding, and reverse geocoding with JSON output and API key authentication.

by Chloe Park @chloepark85

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chloepark85/kakao-local-cli.

Install the skill "kakao-local-cli" (chloepark85/kakao-local-cli) from ClawHub.
Skill page: https://clawhub.ai/chloepark85/kakao-local-cli
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install kakao-local-cli

ClawHub CLI

npx clawhub@latest install kakao-local-cli
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared runtime requirement (KAKAO_REST_API_KEY in SKILL.md) is coherent with a Kakao Local API CLI. However the registry-level metadata provided earlier in the package summary claims no required env vars and no homepage; that conflicts with the SKILL.md which lists KAKAO_REST_API_KEY and a GitHub homepage. This discrepancy between manifest layers reduces trust.
Instruction Scope
SKILL.md contains only installation instructions (pipx/pip after cloning) and usage examples (search/geocode/reverse). It does not instruct reading unrelated files, exfiltrating data, or accessing additional credentials beyond the Kakao API key.
Install Mechanism
This is an instruction-only skill with no install spec in the registry; SKILL.md tells users to clone the GitHub repo and run pipx install . or pip install . locally. Installing directly from an external repo is common but carries typical risks: the code on GitHub must be reviewed before pip installing since the skill package provides no embedded code for automated review.
Credentials
Requesting a single KAKAO_REST_API_KEY is proportionate for a CLI that calls Kakao's REST API. No other credentials or sensitive environment access are requested in SKILL.md. The inconsistency is that registry metadata earlier stated 'none' for required env — this should be reconciled.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request any elevated or persistent platform privileges. As an instruction-only skill it does not itself write files or modify agent configuration.
What to consider before installing
This skill appears to do what it says: a small CLI wrapper around Kakao Local requiring your Kakao REST API key. However: (1) the SKILL.md declares KAKAO_REST_API_KEY and a GitHub homepage but the registry metadata you were shown earlier does not — verify which is authoritative. (2) Because the package is instruction-only and points to a GitHub repo for installation, inspect the repository code before running pip install/pipx install. (3) Limit the API key's permissions and consider creating a dedicated key you can revoke if needed. (4) If you want higher assurance, ask the publisher for a release tarball or a verified package on a well-known registry, or request that code be embedded for review.

Like a lobster shell, security has layers — review code before you run it.

latest vk97931x6fkjqb7zdxqtvmrz2p9852f4y
60 downloads
0 stars
2 versions
Updated 1w ago
v0.1.1
MIT-0

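A lightweight CLI tool for the Kakao Local API. It supports keyword/category place search, address-to-coordinate conversion (geocode), and coordinate-to-address conversion (reverse-geocode). It runs on Linux, macOS, and Windows, and defaults to STDIN/STDOUT-based JSON output, which makes it suitable for agents and automation pipelines. Authentication is configured through the KAKAO_REST_API_KEY environment variable.

Installation

Usage examples

  • Keyword search: kakao-local search --query "카카오프렌즈" --x 126.9784 --y 37.5666 --radius 5000
  • Category search (cafes: CE7): kakao-local search --category CE7 --x 126.9784 --y 37.5666 --radius 1000
  • Geocoding (address to coordinates): kakao-local geocode --query "서울특별시 중구 세종대로 110"
  • Reverse geocoding (coordinates to address): kakao-local reverse --x 126.9784 --y 37.5666

Environment variables

  • KAKAO_REST_API_KEY: Kakao Developers REST API key (required)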
