letterboxd-companion
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to be a narrow, read-only Letterboxd helper, with the main caution being a manually installed, unpinned third-party Python dependency.
This looks reasonable for checking public Letterboxd information. Before installing, be aware that it requires a Python dependency that is not version-pinned; use a trusted environment and avoid giving it any credentials, since the provided skill does not need them.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may require fetching whatever current version of `letterboxdpy` is available from the Python package source.
The skill depends on a third-party Python package without a pinned version, while the registry has no install spec or declared required binaries. This is purpose-aligned but leaves dependency provenance/version control to the user.
letterboxdpy
Install from a trusted Python environment and consider pinning or reviewing the `letterboxdpy` package version before use.