ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AsianSeeker - Openclaw FortuneTeller

v1.0.2

Mingli (命理) — Multi-system daily horoscope: Western astrology (natal chart + transits), Ba-Zi / Four Pillars (Bát Tự), numerology, I Ching (Kinh Dịch). Kerykeion + astronomyapi.com. Telegram delivery.

0· 2.4k·2 current·2 all-time
by@lukebaze
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md match the stated purpose: natal charts (kerykeion), Ba-Zi, numerology, I Ching, and planetary transits from astronomyapi.com with Telegram delivery. Declared dependency on kerykeion and use of astronomyapi are appropriate for astrology/astronomy data. However, the registry metadata claimed no required env vars or config paths while the scripts and references clearly expect ASTRONOMY_APP_ID and ASTRONOMY_APP_SECRET and write/read local memory files and cron state — an inconsistency.
!
Instruction Scope
Runtime instructions tell the agent to collect birth date/time/location and Telegram chat IDs, run local Python scripts, write persistent user data to ~/clawd/memory/horoscope-users.md and state/users.json, and create per-user cron jobs that post to Telegram. Those actions involve storing PII (birth data, lat/lon, chat IDs) and scheduling persistent tasks. The prompt template also references a different path (.claude/skills/daily-horoscope/...) than the skill slug (mingli), which is an incoherence that could break execution or cause the agent to search unexpected locations.
Install Mechanism
This is instruction-only (no install spec). The SKILL.md lists a pip dependency (kerykeion) which is a normal PyPI package for astrology; installing via pip is typical but not covered by an install script in the package. Because there's no controlled install spec, the agent may attempt to run pip at runtime — moderate risk if the package's provenance isn't verified.
!
Credentials
Registry metadata lists no required env vars, but scripts (fetch-planetary-positions.py) require ASTRONOMY_APP_ID and ASTRONOMY_APP_SECRET to call astronomyapi.com. The skill will also ask users for Telegram chat IDs (not env, but sensitive). The mismatch between declared and actual credential needs is an unambiguous incoherence. Requesting astronomy API credentials is proportionate to transit fetching, but the package should have declared those requirements.
!
Persistence & Privilege
The skill instructs creation of persistent cron jobs per user and writes user data to files under the user's home directory (~/clawd/...). That level of persistence and filesystem modification is expected for scheduled delivery but is a privileged capability and should be explicitly declared and consented to. Autonomous invocation is allowed (default) — combined with cron creation and persistent storage this increases blast radius if misused.
What to consider before installing
Key things to check before installing: - Metadata mismatch: the registry claims no env vars/config paths but the scripts require ASTRONOMY_APP_ID and ASTRONOMY_APP_SECRET. If you plan to use transit data, you must provide these secrets. Verify where and how you will store them and whether the agent actually needs them. - Persistent state & cron jobs: the skill writes user PII (birth date/time, lat/lon, LifePath number, Telegram chat IDs) to ~/clawd/memory/horoscope-users.md and state/users.json and creates cron jobs that send messages to Telegram. Make sure you are comfortable with those files being created in your home directory and with scheduled outgoing messages. Consider where those files will live, whether they are readable by others, and whether you want to allow the skill to create cron jobs. - Telegram delivery: the skill expects to send messages to Telegram chat IDs. Confirm the integration uses trusted, platform-managed telegram_actions (do not paste your Telegram bot token into skill files) and verify what permissions the Telegram channel/ bot uses. - Path/prompt incoherence: references/horoscope-prompt-template.md calls a script under .claude/skills/daily-horoscope/... while other examples use .claude/skills/mingli/.... That mismatch suggests the runtime prompt or examples may be broken or cause the agent to look in unexpected locations. Ask the author to fix the paths. - Third-party packages: kerykeion (pip) is required for full natal-chart calculations. Verify the package's provenance (PyPI page, maintainers) before allowing pip install. - Minimal test: run the included scripts locally with test data and without supplying ASTRONOMY credentials to confirm fallback behavior. Check what files are created and what exact network calls are made (fetch-planetary-positions.py uses astronomyapi.com only). - If privacy is a concern, do not grant autonomous invocation or cron-creation rights until you review/modify the code to store data in an approved secure location, or to require explicit user approval per operation. If you want, I can produce a short checklist / patch suggestions to (a) declare required env vars in the skill metadata, (b) fix the path typo in the prompt template, and (c) change where and how memory is stored (or make it configurable).

Like a lobster shell, security has layers — review code before you run it.

latestvk970d7x4y5g3mm1y1vh4scryf980c9x5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Mingli 命理

Multi-system divination skill: Western astrology (Placidus houses, precise aspects), Ba-Zi / Four Pillars (Ngu Hanh), numerology (LifePath + personal cycles), and I Ching (hexagram + SPARK). Delivered daily via Telegram cron or on-demand.

Modes

ModeDescriptionTrigger
SetupRegister birth data, compute all charts"set up my horoscope"
DailyAutomated 4-system horoscope via cronCron schedule
On-demandInstant horoscope"my horoscope", "horoscope now"
I ChingHexagram reading (random or manual)"cast I Ching", "throw hexagram"
ManagePause/resume/change time"pause horoscope", "change horoscope time"

Scripts

# Western natal chart (kerykeion — houses, aspects, nodes)
.claude/skills/.venv/bin/python3 .claude/skills/mingli/scripts/calculate-western-natal-chart-using-kerykeion.py \
  --date 2000-03-25 --time 12:00 --tz "Asia/Saigon" --lat 21.0245 --lon 105.84117 --name "User"

# Ba-Zi Four Pillars + Western zodiac
.claude/skills/.venv/bin/python3 .claude/skills/mingli/scripts/calculate-bazi.py \
  --date 1990-05-15 --time 14:30 --tz "Asia/Saigon"

# Planetary positions (astronomyapi.com fallback for transit data)
.claude/skills/.venv/bin/python3 .claude/skills/mingli/scripts/fetch-planetary-positions.py \
  --lat 10.8231 --lon 106.6297

# Numerology — LifePath, Birthday, Attitude, Challenges, Pinnacles, Personal cycles
.claude/skills/.venv/bin/python3 .claude/skills/mingli/scripts/calculate-numerology.py \
  --date 2000-03-25

# I Ching hexagram casting
.claude/skills/.venv/bin/python3 .claude/skills/mingli/scripts/cast-i-ching-hexagram.py --mode random
.claude/skills/.venv/bin/python3 .claude/skills/mingli/scripts/cast-i-ching-hexagram.py \
  --mode manual --upper Kan --lower Kun --moving 2,1

Setup Mode

  1. Ask for: birth date (YYYY-MM-DD), birth time (HH:MM), birth city (lat/lon + timezone)
  2. Ask for: Telegram chat ID, preferred delivery time + timezone
  3. Run all calculation scripts: natal chart, Ba-Zi, numerology
  4. Write results to ~/clawd/memory/horoscope-users.md (include lat/lon, LifePath number)
  5. Create daily cron job
  6. Confirm: Western sign + ASC + Ba-Zi Day Master + LifePath + delivery schedule

Daily Mode

Cron triggers 4 scripts → all JSON fed to LLM → compose multi-system horoscope → Telegram.

See references/horoscope-prompt-template.md for full agentTurn message.

On-Demand Mode

Trigger: "my horoscope", "horoscope now", "what's my horoscope today"

Same flow, inline (not isolated session). Includes daily I Ching hexagram.

I Ching Mode

Trigger: "cast I Ching", "throw hexagram", "que Kinh Dich"

  • Random cast: 3-coin method, cryptographic randomness
  • Manual input: User provides upper/lower trigrams + moving lines
  • Output: primary hexagram, moving lines, transformed hexagram, SPARK summary

Management Commands

CommandAction
"pause horoscope"Disable cron job
"resume horoscope"Enable cron job
"change horoscope time to 7am"Update cron schedule
"remove horoscope"Delete cron job + memory entry

Cron Delivery

One cron job per user: horoscope-daily-{username}

{
  "name": "horoscope-daily-{username}",
  "enabled": true,
  "schedule": { "kind": "cron", "expr": "0 {hour} * * *", "tz": "{timezone}" },
  "sessionTarget": "isolated",
  "payload": {
    "kind": "agentTurn",
    "message": "[prompt from references/horoscope-prompt-template.md]",
    "model": "claude-sonnet-4-20250514",
    "timeoutSeconds": 180,
    "deliver": true,
    "channel": "telegram",
    "to": "{telegram_chat_id}"
  },
  "isolation": { "postToMainPrefix": "Horoscope delivered", "postToMainMode": "summary" }
}

State Tracking

File: state/users.json — maps usernames to cron job IDs.

Error Handling

  • kerykeion fails: Fallback to fetch-planetary-positions.py (API-based, no houses)
  • API down: LLM generates horoscope from zodiac knowledge only
  • Memory missing: Prompt user to run setup first
  • I Ching data missing: Generate hexagram from embedded trigram math only

References

  • references/astronomyapi-reference.md - API auth + endpoints
  • references/zodiac-reference.md - Western + Chinese zodiac tables, stems, branches
  • references/horoscope-prompt-template.md - LLM prompt for daily generation
  • references/i-ching-64-hexagrams.json - 64 hexagrams with Chinese/Vietnamese names

Dependencies

  • kerykeion (pip) — natal chart, houses, aspects. Install: pip install kerykeion
  • astronomyapi.com — env: ASTRONOMY_APP_ID, ASTRONOMY_APP_SECRET
  • All other scripts: Python stdlib only

Files

10 total
Select a file
Select a file to preview.

Comments

Loading comments…