ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chinese Calendar Cn

v1.0.0

中国农历工具。节气查询、生肖年份、黄道吉日、传统节日、天干地支、农历转换。Chinese lunar calendar with solar terms, zodiac, auspicious dates, festivals, and Heavenly Stems.

0· 23·0 current·0 all-time
by@loutai0307-prog
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
SKILL.md advertises lunar-calendar features (jieqi, 公历↔农历 conversion, 黄道吉日, 十二生肖, etc.), but the only included executable (scripts/script.sh) provides generic help/guide/faq/planning text and does not implement calendrical logic or the listed commands (jieqi, shengxiao, tiangan, jieri, jiri, zhuanhuan, minsu). The claimed capabilities are not present in the code bundle.
!
Instruction Scope
SKILL.md instructs users/agents to run commands such as 'chinese-calendar-cn jieqi' and others that are not implemented by the provided script. The script instead supports commands like intro, guide, tips, planning, examples, faq, etc. This is a direct instruction-vs-implementation mismatch and will cause runtime errors or confusion. The SKILL.md also claims '纯本地输出' but the script outputs mostly templated reference prose rather than calendar data.
Install Mechanism
No install spec and no external downloads; the skill is instruction-plus-a-script only. That lowers supply-chain risk — nothing is fetched or written during install.
Credentials
No environment variables, credentials, or filesystem paths are requested. The script does not access external services or secrets.
Persistence & Privilege
Skill is not always-enabled and does not request elevated persistence or modify other skills or system settings. It runs locally as a simple script when invoked.
What to consider before installing
This package appears to be incomplete or mislabeled rather than malicious: before installing or enabling it, test it locally (run the bundled script: ./scripts/script.sh help) and verify it provides the calendar features you expect. If you need real lunar-calendar functions (jieqi lookup, calendar conversion), ask the author or check the repository for a different release or missing files — do not assume the SKILL.md commands will work. Because there are no requests for credentials and no network/install steps, it’s low-risk to inspect locally, but avoid relying on this skill for production use until the functionality mismatch is resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk974m64mbrr06e45724699xmq584by8s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments