职业与健康命理分析
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a local astrology-style career and health report tool, with no artifact evidence of credential use, data sharing, persistence, or destructive actions.
Security-wise, the provided artifacts look proportionate for a local 命理 analysis skill. Before installing or running it, verify any missing Python dependency such as sxtwl from a trusted source, and treat the health-related output as fortune-telling guidance rather than medical advice.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the local code is run, a user or agent may need to resolve a Python dependency that is not pinned or documented in the install metadata.
The code depends on an external calendar library, while the supplied install information says there is no install spec. This is under-documented dependency provenance, but the artifacts do not show remote downloads, hidden installers, or automatic execution.
import sxtwl
Document the exact dependency and trusted version, preferably with a requirements or lock file; users should install any missing package only from trusted sources.