Zhougong Dream
v1.0.1基于传统周公解梦和现代心理学的双语解梦系统。支持格式化梦境输入、交互式引导提问、双版本解读(传统版+科学版)、智能吉凶建议。使用场景:梦境解读、运势咨询、心理安慰、文化娱乐。SEO关键词:dream analysis, dream interpretation, dream meaning, Chinese dr...
⭐ 0· 63·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (ZhouGong dream analysis) align with the provided scripts and SKILL.md. The included Python scripts implement local dream parsing, dual (traditional + psychological) interpretations, bilingual output, and interactive questions — all coherent with the declared purpose.
Instruction Scope
Runtime instructions call the local script (scripts/zhougong_dream.py) via trigger.py. The scripts only parse the provided dream text and format local database responses. There are no instructions to read unrelated system files, environment variables, or to transmit data externally.
Install Mechanism
Most files are bundled, and no install-time downloads are required to run the included scripts. However, skill.json and SKILL.md mention npm/clawhub install commands (npm package 'zhougong-dream-analysis@latest' and clawhub), which could fetch code from a remote registry if used. That is a packaging/install inconsistency (registry metadata earlier indicated no install spec). Installing the npm package would be a moderate-risk action until you verify the package source and contents.
Credentials
The skill does not request any environment variables, credentials, or config paths. All behavior is local and does not require secrets or elevated service access.
Persistence & Privilege
The skill does not request persistent or system-wide privileges. always is false and the code does not attempt to modify other skills or system configuration. trigger.py invokes the local script and returns stdout; subprocess.run is used without a shell, reducing command-injection risk.
Assessment
This skill appears to be a self-contained, local Python-based dream interpreter and is internally coherent. Before installing or running it: (1) prefer using the bundled scripts rather than blindly running npm/clawhub install commands — the skill.json references an npm package name that would pull remote code; verify that package on the registry first. (2) The trigger uses subprocess.run with an argv list (no shell), which is safer than shell invocation, but avoid feeding untrusted input into any system-level installers. (3) Note minor documentation mismatches (referenced reference files listed in SKILL.md are not present in the bundle, and skill.json homepage differs from the top-level metadata) — these suggest sloppy packaging rather than malicious intent. If you plan to publish or install from a remote registry, review the remote package contents and repository to ensure they match these local files.Like a lobster shell, security has layers — review code before you run it.
latestvk9770471mdf9bfb8jyvv1kbbkn83ts4t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.