紫微斗数排盘解盘
PassAudited by ClawScan on May 10, 2026.
Overview
The provided artifacts describe a coherent local astrology-chart skill; the main things to notice are expected Node/npm execution and optional local saving of birth details.
Before installing, be comfortable running a local Node/npm CLI. Use `npm ci` where possible, keep generated fixture files private because they may contain birth details, and avoid running optional maintenance commands such as longitude regeneration unless you specifically need them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill or fixture helper executes local Node.js code from the skill package.
The optional fixture script executes the local Node CLI. This is disclosed and purpose-aligned, but users should recognize that running the fixture helper runs local code.
const r = spawnSync(process.execPath, ["src/index.js"], { cwd: cliRoot, input: inputBuf, encoding: "utf8"Run the CLI only from the intended skill directory, prefer the documented stdin workflow, and avoid interpolating untrusted strings directly into shell commands.
Initial setup may fetch and run third-party Node packages needed for the astrology library.
The skill requires npm dependency installation even though the registry metadata has no install spec. The package files include pinned dependency information, so this is a transparency note rather than evidence of malicious behavior.
安装依赖: `npm ci` 若失败可改用 `npm install`
Prefer `npm ci` with the included lockfile, review package changes before using `npm install`, and install only in a trusted environment.
Saved fixture files can contain personal birth time, birthplace, gender, and generated chart data, and may be reintroduced into future model context.
The optional fixture workflow persists personal birth details and chart output for reuse in later conversations.
将 CLI 入参(`birth_time`、`gender`、`birth_place`、可选 `longitude`)与 当次完整 stdout 写在同一文件里,以后对模型 @ 该文件
Create fixture files only when needed, keep them in a private location, delete them when no longer needed, and only @ fixture files you trust.