Aistro
PassAudited by ClawScan on May 1, 2026.
Overview
Aistro appears to be a coherent astrology skill, with the main things to notice being local Node/npm script use and collection of birth details for chart reports.
This skill looks reasonable for astrology reports, but install it only if you are comfortable with it running bundled Node scripts, installing npm dependencies if missing, and using personal birth details in the chat context. Do not rely on astrology output as professional medical, financial, or legal advice.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may fetch and install npm dependencies on first use so its astrology scripts can run.
The skill instructs an npm dependency install before using its calculation scripts. This is disclosed and purpose-aligned, but it means installing third-party packages even though the registry metadata has no install spec.
cd skills/aistro/scripts && [ -d node_modules ] || npm install
Review the included package.json/package-lock.json and install only if you are comfortable with local npm dependencies for this skill.
Using the skill can run local calculation scripts rather than only producing text responses.
The skill directs the agent to run local Node scripts for horoscope, moon phase, and score calculations. The provided scripts are coherent with the purpose and do not show suspicious behavior, but local code execution is still something users should be aware of.
This skill includes scripts in `scripts/` for precise astronomical calculations. **Always use these scripts instead of estimating.**
Allow use of the local scripts only if you are comfortable with the skill running its bundled Node code for calculations.
Your birth date, birth time, birth place, and possibly another person's birth details may be retained in the active chat context for later report steps.
The skill collects and reuses personal birth details in the conversation context. This is expected for astrology reports, but it is personal information and may include another person's details.
Before generating any report, collect the user's birth data... For synastry, also collect the second person's birth data. Store this in conversation context. If already provided, do not ask again.
Share only the birth details needed for the report, avoid providing another person's data without consent, and ask the agent to omit or forget details if you do not want them reused.