Star Mansion Master

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent instruction-only astrology and content-writing skill with no code, credentials, or network behavior; the main things to notice are local preference storage and optional social-media monetization wording.

This skill appears safe to use for astrology-style lookup and content drafting. Before installing, be aware that it may create or read local EXTEND.md preference files, and review any referenced external skill separately. Treat outputs as interpretive or entertainment content, not factual predictions or relationship decisions.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
Low
What this means

Saved preferences such as platform, account name, persona, and monetization goals may be reused in later sessions and could affect generated content.

Why it was flagged

The skill intentionally loads and persists local preferences. This is aligned with customization, but project-level or user-level saved context can shape future responses.

Skill content
Check EXTEND.md (priority: project → user) ... Found | Load → continue ... Not found | Run setup ... Save → continue
Recommendation

Review any EXTEND.md file before use, especially project-local copies, and avoid storing sensitive personal or business information there unless needed.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

If the agent follows the referenced external skill, additional instructions outside this package may influence output formatting or behavior.

Why it was flagged

The skill points to another skill that is not included in the artifact set. This appears optional and purpose-aligned, but its behavior depends on that separate skill.

Skill content
Follow `aura-content-strategist` skill for platform-specific formatting when creating XHS/Pinterest content.
Recommendation

Review and trust the referenced formatting skill separately before relying on it.

ASI09: Human-Agent Trust Exploitation
Info
What this means

Generated replies may encourage followers to move into private messages or paid services.

Why it was flagged

The comment-reply workflow includes private-message and paid-reading funnel language. This is disclosed and aligned with the social media content purpose, but it is commercial influence wording.

Skill content
"Can you take a look for me?" → guide to private message / paid service
Recommendation

Use the monetization-style replies only when appropriate, and keep disclosures clear so followers understand they are receiving astrology-style content rather than guaranteed advice.