ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bytesagain Fortune Teller

v1.0.0

Draw tarot cards, cast I Ching hexagrams, and check daily fortunes for fun. Use when pulling spreads, casting hexagrams, or playing fortune games.

0· 52·0 current·0 all-time
by@loutai0307-prog
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (tarot, I Ching, daily fortunes) match the included scripts. The two scripts implement fortune commands (bazi, daily, zodiac) and a small local data CLI (run/add/list/search). No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md directs users to run the CLI and mentions FORTUNE_TELLER_DIR. The runtime scripts read standard env vars (XDG_DATA_HOME, HOME) and write to a data directory. They log user actions to history.log and append entries to data.log — so user inputs may be stored locally. There are no network calls or instructions to read other system files.
Install Mechanism
No install spec (instruction-only). The package includes plain shell scripts and an inline Python invocation. Nothing is downloaded or extracted from remote URLs during install.
Credentials
The skill declares no required env vars or credentials. At runtime the scripts consult FORTUNE_TELLER_DIR (optional), XDG_DATA_HOME, and HOME — all reasonable for configuring a local data directory.
Persistence & Privilege
The scripts create and write files under the user's data directory (default ~/.local/share/fortune-teller) including data.log and history.log. always:false and no elevated privileges are requested. Persistence is limited to the skill's own data directory.
Assessment
This skill appears to do what it says: local, offline fortune-telling. Before installing or running it, note that it will create a directory (default ~/.local/share/fortune-teller) and write history.log and data.log which may contain any text you add (so avoid entering secrets). There are no network calls or required API keys. If you prefer isolation, set FORTUNE_TELLER_DIR to a sandbox folder or inspect the scripts locally before running. Also be aware SKILL.md references a 'fortune-teller' command but no install step is provided — you may need to place the included scripts on your PATH or run them directly.

Like a lobster shell, security has layers — review code before you run it.

latestvk970m8333v7vyresv7fw7aes1x847yqt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments