循古黄历
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a disclosed Huangli calendar lookup that calls a stated third-party API with a user-provided token; the main thing to notice is the required API credential.
Before installing, make sure you trust cdndns.org enough to use its Huangli API and provide a dedicated HUANGLI_API_TOKEN. Avoid sharing broad or unrelated credentials in the same .env files used by automation tools.
Publisher note
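This Skill calls the public data at https://cdndns.org/huangli/ to provide users with accurate lookups of daily auspicious and inauspicious activities, the Twelve Day Officers (Jianchu), the presiding Yellow Path and Black Path day deities, the Twenty-Eight Lunar Mansions, the position of the Fetal God, the Three Cycles and Nine Periods directions, and hour-by-hour auspiciousness. It does not collect any personal private information and only needs network access to fetch real-time Huangli data. Throughout, it only calls the API over HTTPS to obtain public data.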
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use your configured Huangli API token to query cdndns.org for calendar data.
The skill requires a Bearer token for the Huangli API. This is expected for the described service, but it is a credential and should be scoped to this provider.
"key": "HUANGLI_API_TOKEN", "description": "循古黄历API Bearer Token (从 https://cdndns.org 获取)", "required": true
Use a token intended only for this Huangli API, and revoke or rotate it if you stop using the skill.
Using the skill can send the requested date query and authorization header to the third-party Huangli API.
The provided Python snippet performs an outbound HTTPS request to the stated API with the configured token. This is consistent with the skill's calendar-query purpose.
url = "https://cdndns.org/huangli/api/calendar" ... headers = { 'Authorization': f'Bearer {token}', 'User-Agent': 'Mozilla/5.0' }
Only use the skill if you are comfortable with cdndns.org receiving these calendar lookup requests.
