Skill v0.9.0
ClawScan security
Lunar Calendar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 13, 2026, 10:57 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill largely matches its stated purpose (lunar/黄历 calculations) but contains mismatches and hidden automation (GitHub publish scripts that expect a GITHUB_TOKEN) that are not declared in the skill metadata — these inconsistencies warrant caution before installing or giving it credentials.
- Guidance: This package appears to implement the stated lunar/黄历 features, but it also bundles GitHub/community publishing automation that expects a GITHUB_TOKEN and network push actions that are not declared in the skill metadata. Before installing or running:
  1. Treat the repo as code+tools, not just an instruction-only skill — review scripts/ for any network or publish actions.
  2. Do NOT set or expose a GitHub token to this skill unless you intend to publish the repository; github_auto_setup.sh and LAUNCH_NOW.sh will use GITHUB_TOKEN or embed credentials in remote URLs (which can leak).
  3. If you only want calendar queries, restrict the agent to call the specific calculator script (scripts/lunar_calculator.py) and disable/omit running any publish/upload scripts.
  4. Audit which lunar script the runtime will call — the top-level lunar_calendar.py is a simplified/approximate implementation; the authoritative calculator lives in scripts/ (verify which actual script is executed).
  5. Because the source owner/homepage are unknown, prefer running the calculator in a sandbox or reviewing the Python code and third-party dependencies (lunardate, cnlunar) locally before allowing autonomous runs or granting tokens.

  If you want, I can list the exact lines in the publish scripts that use GITHUB_TOKEN and suggest safe edits to neutralize publishing behavior.
Review Dimensions
- Purpose & Capability (note): Name/description match the included calendar and fortune features and the SKILL.md enforces using a local calculator script. However the package also includes release/publish automation (LAUNCH_NOW.sh, github_auto_setup.sh, create_github_repo.sh, publish scripts, many docs instructing to push to GitHub and post to a community). The metadata declares 'instruction-only' and no required env vars, but the repository contains tooling that would legitimately require credentials (GITHUB_TOKEN) and network access — that is inconsistent with the minimal requirements declared.
- Instruction Scope (concern): SKILL.md confines runtime behavior tightly (call scripts/lunar_calculator.py; read reference files only when needed), which is good. But the skill bundle also contains many auxiliary scripts and prose that instruct publishing to GitHub and community sites (LAUNCH_NOW.sh, github_auto_setup.sh, GITHUB_* guides). Those scripts perform remote actions (curl to GitHub API, git push) and require a GITHUB_TOKEN, yet SKILL.md does not mention invoking them. If an agent or operator follows other included docs, it could run network/publish operations not required for calendar queries. The presence of a top-level simplified lunar_calendar.py (which is inaccurate) alongside a larger scripts/lunar_calculator.py is also a potential source of confusion/incorrect execution.
- Install Mechanism (note): No formal install spec is declared (instruction-only in registry), which minimizes automatic install risk. But included docs and scripts expect installing Python dependencies (lunardate, cnlunar) and creating/pushing GitHub releases (tarball creation). There are no downloads from obscure URLs in the manifest, but the package includes automation that would fetch/push to GitHub if executed manually or by an agent.
- Credentials (concern): Registry metadata claims no required env vars or credentials, but scripts in the bundle explicitly require GITHUB_TOKEN (github_auto_setup.sh) and the guidance shows pushing to a repo via an auth-embedded remote URL. That is a direct mismatch: the skill may request or attempt to use a GitHub token for publishing, which is unrelated to the core lunar/黄历 functionality. This creates a high risk of accidental credential exposure if these scripts are run. No other secrets are declared, but multiple files reference network endpoints (GitHub, community site) and publishing steps.
- Persistence & Privilege (note): The skill does not request always:true and defaults allow autonomous invocation (the platform default). Nothing in the metadata indicates it modifies other skills or system-wide settings. However the included automation can create a remote GitHub repo and push the entire skill directory, which could leak local files or metadata to an external host — a persistence/exfiltration concern only if those publish scripts are run.
