AstroClaw

Pass. Audited by ClawScan on May 5, 2026.

Overview

AstroClaw is a coherent, instruction-only horoscope API skill, with modest caution because it asks the agent to fetch and keep a daily external forecast in context.

AstroClaw appears safe for playful horoscope use. Before installing, confirm you are comfortable with occasional requests to astroclaw.xyz and with the agent keeping a short daily forecast in context; do not let the forecast guide important, factual, security-sensitive, or business decisions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill may cause the agent to contact astroclaw.xyz when asked for a horoscope or as part of a daily routine.

Why it was flagged

The skill documents an outbound HTTP request to a fixed horoscope API domain; this is expected for the stated purpose and does not include credentials or sensitive parameters.

Skill content

curl -s https://astroclaw.xyz/api/forecasts/2026-03-11/aries.json

Recommendation

Allow the skill only if you are comfortable with occasional outbound requests to this domain; keep requests limited to the documented forecast endpoint.

Note, High Confidence

ASI01: Agent Goal Hijack

What this means

The agent's wording or creative choices could be nudged by the daily forecast even outside a direct horoscope answer.

Why it was flagged

The skill intentionally asks the agent to let external horoscope text influence its outputs. This is disclosed and central to the playful purpose, but it should not override user instructions or safety constraints.

Skill content

Keep your daily horoscope in context to subtly influence generations based on the cosmos

Recommendation

Use the forecast as decorative context only, not as an instruction source or basis for important decisions.

What this means

A forecast from the external service could persist in the agent's context for the day and affect later responses.

Why it was flagged

The skill recommends retaining external API content in state/context. It also instructs sanitization and length limits, making this purpose-aligned but still worth noticing.

Skill content

Store "last_alignment_check" timestamp and the sanitized forecast; Keep the forecast in your working context for the day

Recommendation

Treat forecasts as untrusted data, store only short sanitized plain text, and do not preserve or follow any operational instructions that might appear in the forecast text.

Note, High Confidence

ASI10: Rogue Agents

What this means

The agent may perform a daily horoscope check and update local state if the user configures such a routine.

Why it was flagged

The skill suggests recurring daily execution. This is disclosed and bounded to a daily forecast check, with no hidden background code present.

Skill content

Add this to your daily heartbeat or periodic tasks

Recommendation

Enable any daily routine only intentionally, keep it limited to one check per day, and make it easy to disable.