Ziwei Verify

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dynamic_code_execution

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Manual dependency installation can introduce version or provenance risk if the package source is not checked.

Why it was flagged

The skill documents a Python package dependency, while the provided install specification says there is no install spec; users may need to install an unpinned dependency manually.

Skill content
- **Python Libraries**: `zhdate` (lunar calendar conversion)

Recommendation

Use a reviewed, pinned dependency declaration or verify the package and version before installing.

What this means

Running the demo or tests may execute dynamically loaded local code.

Why it was flagged

The static scan reports dynamic module execution in demo/test code. This can execute code from a dynamically loaded module if the demo or test is run, though the artifacts do not show it being run automatically during install or normal use.

Skill content
spec.loader.exec_module(pg)

Recommendation

Inspect demo/test files before running them, and prefer normal imports or clearly scoped test helpers.

What this means

Personal birth information and chart data may be processed by the dependent `ziwei` skill.

Why it was flagged

The skill depends on another skill to compute charts, so birth time and related chart data are expected to flow to the `ziwei` skill.

Skill content
- **Required Skills**: `ziwei` (provides chart calculation)

Recommendation

Use this only with a trusted `ziwei` skill implementation and understand that calibration requires sharing the input packet with that dependency.

What this means

Interactive calibration data may remain in memory for the lifetime of the process unless explicitly cleared.

Why it was flagged

Interactive mode stores session state containing the original packet, birth time, and candidates in process memory; the cleanup method is present, but its body is currently just `pass`.

Skill content
self.sessions: Dict[str, DialogueState] = {}

Recommendation

Implement timestamp-based session expiration and clear sessions after confirmation, skip, or timeout.

Findings (2)

critical

suspicious.dynamic_code_execution

Location
prompt_generator_demo.py:17
Finding
Dynamic code execution detected.

critical

suspicious.dynamic_code_execution

Location
tests/test_prompt_generator.py:20
Finding
Dynamic code execution detected.