奇门遁甲排盘系统
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to be a local Node.js divination/charting tool with no evidence of credential access, data exfiltration, persistence, or destructive behavior.
This looks safe to use as the documented local Node command-line tool. Be aware that the included HTML version loads external libraries from CDNs if opened, so prefer the CLI if you want to avoid third-party network resources.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The documented command-line use remains local, but the separate HTML page may contact and run code from third-party CDNs if opened in a browser.
The optional HTML artifact loads JavaScript and styling from external CDNs, including a latest-tag dependency, so opening that HTML page would execute third-party code outside the local CLI implementation.
<script src="https://unpkg.com/react@18/umd/react.production.min.js"></script> ... <script src="https://cdn.tailwindcss.com"></script> ... <script src="https://unpkg.com/lucide@latest"></script>
Use the documented Node CLI path if you want local-only behavior; only open the HTML UI if you are comfortable with its external CDN dependencies.