← 返回 Skills 市场
134
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install movie-finder
功能描述
搜索并播放电影。功能包括:(1) 按类型、年份、评分筛选电影;(2) 支持中英文输入;(3) 展示电影海报、评分、剧情简介;(4) 生成可点击的 iframe 播放页面,直接在线观看。触发场景包括:搜索电影、想看电影、找最新电影、按类型/年份/评分筛选电影。
安全使用建议
This skill will search for movie metadata and produce an HTML page that embeds third‑party streaming URLs. Before installing:
- Be aware the SKILL.md says to use the TMDB API but the skill declares no TMDB API key or environment variable — if the skill attempts to call TMDB you may need to supply an API key or it will scrape pages instead.
- The play sources listed (2embed, vidcloud, soap2day, etc.) are third‑party embed sites that are frequently untrusted or host infringing content; embedding their URLs directly can expose you to malware, tracking, or legal/terms risks.
- The generator script simply injects provided URLs into iframe src without validating or sanitizing them; a malicious or compromised source could serve harmful content when the page is opened.
Recommendations:
- If you install, inspect and run the skill in a sandboxed environment first; review any network activity and the exact sites it searches/uses.
- Consider blocking unknown streaming hosts at the network level or restricting the skill to only use trusted sources (and require an explicit TMDB API key instead of scraping).
- If you need metadata from TMDB, prefer configuring a TMDB API key and update the skill to declare that requirement explicitly.
What would change the assessment: explicit declaration of required TMDB credentials and a documented whitelist/validation step for streaming sources would reduce the concerns and could move this toward benign.
功能分析
Type: OpenClaw Skill
Name: movie-finder
Version: 1.0.1
The movie-finder skill is classified as suspicious because the `scripts/generate_movie_page.py` script lacks input sanitization, using direct string interpolation to generate HTML which creates a Cross-Site Scripting (XSS) vulnerability if the agent retrieves malicious metadata. Additionally, `SKILL.md` explicitly instructs the agent to source content from high-risk pirate streaming domains (e.g., `2embed.ru`, `vidcloud.co`, `vidsrc.me`) that are frequently associated with malvertising and untrusted third-party content. While the skill's behavior aligns with its stated purpose, these implementation flaws and the reliance on risky external sources pose a security threat to the user.
能力评估
Purpose & Capability
The skill's name and description match what the files implement (search metadata and generate an HTML page with an iframe). However, SKILL.md says to '优先使用 TMDB API' while the package declares no env vars or API key requirement — that is a missing / undeclared dependency. Also the search/playback strategy explicitly targets third‑party streaming/embed sites (e.g., 2embed.ru, vidcloud.co, soap2day.rs), which is consistent with 'play online' but raises provenance and trust concerns.
Instruction Scope
Runtime instructions direct the agent to web_search arbitrary streaming sites and to pick the 'first available' embed source and embed it directly in a generated HTML file. The skill recommends scraping external sites and does not require or describe any validation/safety checks for streaming URLs; this grants the agent broad discretion to visit and embed potentially untrusted/malicious sources. The instructions otherwise do not read local secrets or unrelated system files.
Install Mechanism
No install spec; this is instruction‑only with an included helper script. No remote downloads or archive extraction are requested, which is low risk for install-time code execution.
Credentials
No environment variables or credentials are declared, yet SKILL.md instructs prioritizing TMDB API for metadata. TMDB normally requires an API key — the skill does not declare how that key would be supplied. Additionally, the skill's strategy relies on external streaming domains (some known for piracy), but requests no configuration or allow-listing to control those external endpoints.
Persistence & Privilege
Does not request always:true and contains no automatic persistence or modification of other skills. It writes generated HTML files to disk when invoked (expected behavior) but does not ask for elevated agent privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install movie-finder - 安装完成后,直接呼叫该 Skill 的名称或使用
/movie-finder触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
**Changelog for movie-finder v1.0.1**
- Added an INSTALL.md file with instructions for manual and CLI-based installation.
- Expanded SKILL.md with a comprehensive installation guide and verification steps.
- Enhanced documentation to include more detailed usage scenarios, parameter extraction, intent classification, and clear output flow for both search and playback.
- Updated playback page template to display more movie details (runtime, director, cast) and support alternative streaming sources.
- Clarified streaming source priority and reliability, and outlined strategies for source selection and error handling.
v1.0.0
- Initial release of movie-finder skill.
- Search and filter movies by genre, year, and rating in both Chinese and English.
- Display movie posters, ratings, and plot summaries.
- Generate an HTML playback page with embedded streaming via iframe.
- Provide clickable links for multiple streaming sources.
元数据
常见问题
搜索并播放电影,支持按类型/年份/评分筛选,中英文输入,生成 iframe 播放页面 是什么?
搜索并播放电影。功能包括:(1) 按类型、年份、评分筛选电影;(2) 支持中英文输入;(3) 展示电影海报、评分、剧情简介;(4) 生成可点击的 iframe 播放页面,直接在线观看。触发场景包括:搜索电影、想看电影、找最新电影、按类型/年份/评分筛选电影。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 134 次。
如何安装 搜索并播放电影,支持按类型/年份/评分筛选,中英文输入,生成 iframe 播放页面?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install movie-finder」即可一键安装,无需额外配置。
搜索并播放电影,支持按类型/年份/评分筛选,中英文输入,生成 iframe 播放页面 是免费的吗?
是的,搜索并播放电影,支持按类型/年份/评分筛选,中英文输入,生成 iframe 播放页面 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
搜索并播放电影,支持按类型/年份/评分筛选,中英文输入,生成 iframe 播放页面 支持哪些平台?
搜索并播放电影,支持按类型/年份/评分筛选,中英文输入,生成 iframe 播放页面 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 搜索并播放电影,支持按类型/年份/评分筛选,中英文输入,生成 iframe 播放页面?
由 chugenice(@chugenice)开发并维护,当前版本 v1.0.1。
推荐 Skills