K Cinema Bridge
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: k-cinema-bridge Version: 0.1.1 The skill bundle is benign. All files consistently define a skill for querying Korean movie data from a static API hosted on GitHub Pages. The `SKILL.md` instructions guide the AI agent to use the `WebFetch` tool for specific, well-defined GET requests to `https://uyeong.github.io/k-cinema-bridge/api/` endpoints. The `openapi.json` further constrains path parameters (e.g., `source` enum), mitigating potential injection risks. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection attempts against the agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When used, the agent may make network requests to the listed public movie-data API; no credentials or local data access are indicated.
The skill instructs the agent to use WebFetch against a disclosed external API. This is purpose-aligned and read-only, but users should know the agent will contact that external site for answers.
allowed-tools: WebFetch ... Base URL: `https://uyeong.github.io/k-cinema-bridge` ... All endpoints are accessible via `GET` requests without authentication.
Install if you are comfortable with the agent fetching public cinema data from the disclosed API, and avoid adding unrelated private information to requests.