易经占卜 I Ching Divination
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a benign I Ching divination skill that runs a bundled Python script, with only minor command-safety and packaging documentation notes.
This skill looks safe to install for its stated purpose. Be aware that it runs a local Python script, make sure Python 3 is available, and treat the divination output as reflective/entertainment guidance rather than a basis for financial, legal, medical, or other high-stakes decisions.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A specially crafted question could affect command parsing if an agent naively substitutes it into a shell command.
The workflow places user-supplied question text inside a shell command. Running the bundled script is central to the skill, but raw shell interpolation of user text should be avoided or carefully escaped.
result=$(python3 scripts/divine.py --method coin --question "{用户问题}")Invoke the script with safe argument passing, avoid raw shell interpolation, and do not run modified commands supplied by user text.
Installation may look dependency-free even though using the skill requires a Python 3 runtime.
The SKILL.md examples require `python3 scripts/divine.py`, so the Python runtime dependency is purpose-aligned but under-declared in the registry metadata.
Required binaries (all must exist): none ... Install specifications: No install spec — this is an instruction-only skill.
Declare Python 3 as a required binary and keep the documented data-file paths aligned with the packaged files.