← 返回 Skills 市场
775
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install law-search
功能描述
Korean law/case search via law.go.kr + data.go.kr APIs. Use for legal questions, statute lookup, court cases, and everyday legal info.
使用说明 (SKILL.md)
Law & Case Search Skill
Korea Legislation Research Institute (MOLEG) law search, statute detail, case search. Inspired by Cowork Legal plugin architecture.
Overview
| Key | Value |
|---|---|
| Provider | MOLEG (Ministry of Government Legislation) |
| API Source | law.go.kr (primary) + data.go.kr (fallback) |
| Auth (law.go.kr) | ~/.config/law-go-kr/credentials.json → OC code |
| Auth (data.go.kr) | ~/.config/data-go-kr/api_key |
| Daily limit | 10,000 calls |
| Playbook | playbook.md |
Scripts
scripts/
├── law_search.sh → Search laws by keyword
├── law_detail.sh → Statute text by law ID
├── case_search.sh → Court case search
└── life_law.sh → Everyday legal info search
Workflow
Step 1: Analyze question
- Extract legal keywords from user question
- Match against
playbook.mdinterest areas - Decide strategy: statute-focused? case-focused? combined?
Step 2: Search statutes
law_search.sh "keyword"→ list of relevant laws
Step 3: Fetch statute text (if needed)
law_detail.sh [law_id]→ specific articles
Step 4: Search cases
case_search.sh "keyword"→ relevant court decisions
Step 5: Everyday legal info (optional)
life_law.sh "keyword"→ plain-language legal guide
Step 6: Structured response using template
Output Template
Action-first structure: lead with what to DO, then back it up with law.
## ⚖️ [Topic]
### 📋 Core Answer
[1-2 sentence conclusion — what the user needs to know]
### 🚶 What To Do (practical steps)
1. [Concrete action step] — with conditions/branches if needed
2. [Next step]
3. [Final step]
※ [Situation-specific branch: "If X, then A; if Y, then B"]
### 📖 Legal Basis
**[Law Name]** Art. X (Effective YYYY.MM.DD)
> ① Original text...
> → Plain language: [simplified explanation]
**[Related Law]** Art. Y (if applicable)
> ...
### ⚖️ Related Case (if relevant)
**[Case Number]** ([Court], YYYY.MM.DD)
> Key point: [one-line holding]
### 🔗 References
- [Statute](https://www.law.go.kr/...)
⚠️ Reference only — not legal advice. Consult an attorney for important decisions.
Principles:
- User's action = main content; statutes = supporting evidence
- Branch by situation (listed vs unlisted company, etc.)
- Cite specific articles, not just law names
- Ask follow-up if context is needed for better advice
API Endpoints
law.go.kr (Primary)
| Target | Description | URL |
|---|---|---|
| law | Statute search/detail | https://www.law.go.kr/DRF/lawSearch.do?OC={oc}&target=law&type=JSON |
| prec | Court cases | ...&target=prec&type=JSON |
| detc | Interpretation examples | ...&target=detc&type=JSON |
| admrul | Administrative rules | ...&target=admrul&type=JSON |
data.go.kr (Fallback)
| API | Data ID | Endpoint |
|---|---|---|
| Statute search | 15000115 | http://apis.data.go.kr/1170000/law/lawSearchList.do |
| Everyday law | 15000215 | http://apis.data.go.kr/1170000/lifeLawSearch/lifeLawSearchList.do |
| Case text | 15057123 | (linked to law.go.kr) |
Connectors
| Placeholder | Purpose | Current Tool |
|---|---|---|
~~law |
Law/case API | law.go.kr, data.go.kr |
~~docs |
Save results | Notion |
~~notify |
Alerts | Telegram |
~~search |
Supplementary search | Brave Search |
Notes
- Disclaimer: API info is reference only. Not legal advice.
- Currency: Based on current law, but recent amendments may have delay.
- Format: law.go.kr returns JSON; data.go.kr returns XML → each needs parser.
- Priority: law.go.kr JSON first → fallback to data.go.kr XML.
- Encoding: URL-encode query parameters.
Cowork Legal architecture v2.1 — 🦞 chumjibot (2026-02-14)
🔧 Setup
법제처 국가법령정보 API (주 API)
- open.law.go.kr 회원가입
- OC 코드 발급 (이메일 @ 앞부분)
mkdir -p ~/.config/law-go-kr && echo '{"oc":"YOUR_OC"}' > ~/.config/law-go-kr/credentials.json
data.go.kr 판례 API (보조)
- data.go.kr 회원가입 → 인증키 복사
mkdir -p ~/.config/data-go-kr && echo "YOUR_KEY" > ~/.config/data-go-kr/api_key
법제처 API 미등록 시에도
web_search폴백으로 법령 기본 검색 가능합니다.
安全使用建议
This skill appears to be what it says (a Korean law/case search), but it has several concrete issues you should address before enabling it for routine use:
1) Declaration mismatch: The skill metadata declares no required credentials/config paths, yet the scripts read ~/.config/data-go-kr/api_key (and the docs mention ~/.config/law-go-kr/credentials.json). Ask the author to update the metadata to list required config paths or remove undeclared file access. Only provide the specific API key the skill actually needs (preferably a limited-scope key).
2) Network security: The scripts call data.go.kr over plain HTTP and include the API key in the URL. This exposes your key on the network. Require HTTPS endpoints (or confirm the official API supports HTTPS) before using real keys.
3) Shell injection risk: The scripts build python -c commands that interpolate unescaped user input ($QUERY). If the skill runs these scripts with input derived from user queries, a specially crafted query could trigger shell substitution. Recommend the author rewrite encoding routines to avoid shell interpolation (for example, pass query strings as arguments or use printf %q, or use a safe wrapper in Python that reads from stdin/argv).
4) Credential scope and origin: SKILL.md claims law.go.kr is the primary API but the scripts only use data.go.kr. Clarify which API is primary and remove unused credential steps—or implement law.go.kr support if intended.
5) Operational precautions: Until the above are fixed, run the skill in a restricted environment (sandbox/container), do not supply high-privilege credentials, and review the scripts locally. If you must use it now, create a throwaway or limited-scope API key at data.go.kr and monitor its usage.
If the author provides updated metadata (declared config paths), switches to HTTPS, and fixes argument quoting/escaping, the incoherence and immediate security concerns would be addressed.
功能分析
Type: OpenClaw Skill
Name: law-search
Version: 2.1.0
The skill bundle is classified as suspicious due to multiple critical shell injection vulnerabilities (RCE risk) across all provided shell scripts (`scripts/case_search.sh`, `scripts/law_detail.sh`, `scripts/law_search.sh`, `scripts/life_law.sh`). User-supplied arguments like `QUERY`, `LAW_ID`, `NUM`, and `ARTICLE` are not properly sanitized or quoted when constructing `curl` commands and `python3 -c` arguments, allowing for arbitrary command execution. For example, `LAW_ID` and `NUM` are directly interpolated into `curl` commands, and `QUERY` and `ARTICLE` are interpolated into the `python3 -c` string without escaping single quotes, which could lead to Python code injection and subsequent shell command execution. There is no evidence of intentional malicious behavior such as data exfiltration or persistence, but these vulnerabilities pose a severe risk.
能力评估
Purpose & Capability
SKILL.md and description claim primary integration with law.go.kr (with an OC credential stored at ~/.config/law-go-kr/credentials.json), but the included scripts exclusively call data.go.kr endpoints and read ~/.config/data-go-kr/api_key. The registry metadata declares no required env or config paths, which is inconsistent with the scripts' expectation of local credential files. Asking for a law.go.kr credential in docs while code never uses it is disproportionate and confusing.
Instruction Scope
The runtime scripts perform only API queries and XML→JSON parsing (expected for this skill) but: (1) they call apis.data.go.kr over plain HTTP (http://) and include the serviceKey in the request URL, exposing API keys in cleartext on the network; (2) they build python -c invocations like print(urllib.parse.quote('$QUERY')) where $QUERY is expanded unescaped by the shell — this construction is vulnerable to command substitution/injection if the query string contains shell metacharacters; (3) SKILL.md references connectors for saving/notification (Notion, Telegram) but scripts do not implement or declare network destinations beyond the official APIs. The scripts only read local config files and do not exfiltrate data to unexpected endpoints, but the HTTP + quoting issues are significant.
Install Mechanism
No install spec is provided (instruction-only with bundled scripts). Nothing is downloaded or installed automatically by the skill bundle, which minimizes installation risk. The included shell/Python scripts are plain text and run locally when invoked.
Credentials
The skill metadata declared no required environment variables or config paths, yet the scripts expect ~/.config/data-go-kr/api_key (and SKILL.md suggests ~/.config/law-go-kr/credentials.json). This mismatch is problematic: the skill will silently read local credential files that were not declared as required. Also, transmitting the data.go.kr serviceKey over HTTP is a credential exposure risk. The number and placement of credentials requested by the documentation and code are inconsistent and not properly declared.
Persistence & Privilege
The skill does not request always:true and includes no install-time modifications. It does not modify other skills or system-wide settings. It simply runs scripts on demand and reads per-user config files.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install law-search - 安装完成后,直接呼叫该 Skill 的名称或使用
/law-search触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.1.0
law.go.kr + data.go.kr 기반 법령·판례·생활법령 검색
元数据
常见问题
한국 법령/판례 검색 是什么?
Korean law/case search via law.go.kr + data.go.kr APIs. Use for legal questions, statute lookup, court cases, and everyday legal info. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 775 次。
如何安装 한국 법령/판례 검색?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install law-search」即可一键安装,无需额外配置。
한국 법령/판례 검색 是免费的吗?
是的,한국 법령/판례 검색 完全免费(开源免费),可自由下载、安装和使用。
한국 법령/판례 검색 支持哪些平台?
한국 법령/판례 검색 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 한국 법령/판례 검색?
由 김성우(@sw326)开发并维护,当前版本 v2.1.0。
推荐 Skills