Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

1coos-calendar-cn

v1.0.0

Look up traditional Chinese calendar / almanac (黄历) information. TRIGGER when user asks about Chinese calendar, lunar date, 农历, 黄历, 万年历, 节气, 宜忌, or wants to look up a specific date's traditional Chinese calen...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description describe local Chinese calendar lookups. The skill ships a bundled JS script that includes the lunar-typescript logic and the SKILL.md instructs running that script locally. No declared binaries, env vars, or unrelated services are requested — these requirements are proportional to the stated purpose.
Instruction Scope
SKILL.md gives narrow runtime instructions: run the bundled script with bun/node and display output. It does not ask the agent to read unrelated files or external credentials. However, the pre-scan detected a 'base64-block' pattern inside SKILL.md (prompt-injection signal). That is unexpected for a simple usage doc and should be inspected — the file may contain obfuscated content or hidden instructions.
Install Mechanism
There is no install spec; the skill is instruction-only but includes a bundled scripts/main.js. Not installing external artifacts from the network reduces risk. The single large JS bundle is normal for a packaged TypeScript library, but bundling increases the amount of code to audit.
Credentials
The skill declares no required env vars or credentials and the SKILL.md does not request secrets. This is appropriate for a locally-run calendar library. Still verify the bundled script does not read process.env or config files at runtime (audit for process.env, fs.readFile, or config path access).
Persistence & Privilege
The skill is not flagged always:true and does not request system-wide configuration changes. It runs only when invoked by the user (user-invocable:true), which is appropriate and low-privilege.
Scan Findings in Context
[base64-block] unexpected: The SKILL.md was flagged for a base64-like block. A usage document for a calendar skill normally wouldn't contain encoded payloads. This could be a benign embedded example or a false positive, but it could also be an attempt to hide commands or data — open SKILL.md and search for long contiguous base64 strings, data URLs, or instructions encoded as base64.
What to consider before installing
What to check before installing:
1) Open SKILL.md and inspect the whole file for any large base64 strings, hidden instructions, or embedded payloads—delete or reject if you find unintelligible encoded blocks.
2) Manually review scripts/main.js (it’s a large bundled file) for network calls (fetch, XMLHttpRequest, http/https modules), dynamic code execution (eval, Function, new Function), child process usage (child_process.exec/spawn), or decoding of base64/Buffer.from(...,'base64').
3) If you cannot audit the file yourself, run the skill in a constrained sandbox (no network, limited file access) and observe whether it attempts outbound connections or reads unexpected files.
4) If you want to be extra cautious, disable autonomous invocation for this skill or require explicit approval before using it.
These steps will reduce the risk posed by the suspicious base64 finding and the large bundled JS file.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

📅 Clawdis
