Zi Wei Dou Shu Chart Casting and Interpretation

Pass

Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: zwds-openclaw
Version: 1.0.1

The zwds-openclaw skill bundle is a legitimate tool for Zi Wei Dou Shu (Chinese astrology) calculations. It utilizes the well-known 'iztro' Node.js library and provides a CLI interface for generating structured JSON charts. The SKILL.md file contains robust instructions that emphasize data integrity and prevent the agent from hallucinating information. While build scripts (e.g., build-longitudes.mjs) perform network requests to GitHub and Aliyun, these are clearly documented and serve the purpose of creating a local geographic database for solar time corrections. No indicators of data exfiltration, malicious execution, or harmful prompt injection were identified.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill or fixture helper executes local Node.js code from the skill package.

Why it was flagged

The optional fixture script executes the local Node CLI. This is disclosed and purpose-aligned, but users should recognize that running the fixture helper runs local code.

Skill content
const r = spawnSync(process.execPath, ["src/index.js"], { cwd: cliRoot, input: inputBuf, encoding: "utf8"

Recommendation

Run the CLI only from the intended skill directory, prefer the documented stdin workflow, and avoid interpolating untrusted strings directly into shell commands.

What this means

Initial setup may fetch and run third-party Node packages needed for the astrology library.

Why it was flagged

The skill requires npm dependency installation even though the registry metadata has no install spec. The package files include pinned dependency information, so this is a transparency note rather than evidence of malicious behavior.

Skill content
Install dependencies:

   `npm ci`

   If that fails, use `npm install` instead

Recommendation

Prefer `npm ci` with the included lockfile, review package changes before using `npm install`, and install only in a trusted environment.

What this means

Saved fixture files can contain personal birth time, birthplace, gender, and generated chart data, and may be reintroduced into future model context.

Why it was flagged

The optional fixture workflow persists personal birth details and chart output for reuse in later conversations.

Skill content
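Write the CLI input parameters (`birth_time`, `gender`, `birth_place`, optional `longitude`) and the complete stdout of that run into the same file, then @ that file to the model in later conversations

Recommendation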

Create fixture files only when needed, keep them in a private location, delete them when no longer needed, and only @ fixture files you trust.