Chinese Holidays
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to be a simple local Chinese holiday lookup tool, with only a minor transparency note that it relies on running a Python script despite no required binary being declared.
This skill looks low risk and purpose-aligned. Before installing, note that it runs a bundled Python script for local holiday lookups and appears to rely on static holiday data, so verify that Python is available and that the holiday data is current for the year you need.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may not run unless Python is available, and users should understand that the skill's behavior comes from the bundled local script.
The documented workflow depends on a local Python runtime and bundled script, while the registry metadata declares no required binaries. This is a minor transparency issue rather than suspicious behavior because the command is directly related to the skill's stated holiday-query purpose.
python scripts/holidays.py today
Declare Python as a runtime requirement in metadata, or clarify that the script is intended to be run only in environments where Python is already available.