Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (猫咪塔罗占卜助手) match the included files and code. The package contains a CLI (neko.py) and tarot/spread index/data JSON files used to list spreads, draw cards, or compose prompts. All required artifacts (tarot.json, spreads.json, tarot_index.json, templates) are present and used for the stated purpose.
Instruction Scope
SKILL.md instructs the agent to ask intent, choose a spread, and call local CLI commands (python neko.py list/draw/compose) and to read the included data files (tarot_index.json, tarot.json, spreads.json). Those instructions are narrowly scoped to the tarot task and explicitly forbid blind guessing. There are no steps that ask the agent to read unrelated system files, fetch secrets, or transmit data to external endpoints.
Install Mechanism
There is no install spec — this is instruction + local code. The README notes runtime Python dependencies (typer, pydantic) to be installed by the user, which is expected for a Python CLI. No downloads from external URLs, no archive extraction, and no package installs declared by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The CLI only accesses files included in the skill bundle. There are no unexpected SECRET/TOKEN/PASSWORD requests or references to unrelated services.
Persistence & Privilege
always is false and the skill uses the normal autonomous-invocation default. The skill does not attempt to modify other skills or system-wide agent settings. Its runtime behavior is limited to reading its own data files and printing JSON or text output.
Assessment
This skill is coherent and appears to do exactly what it claims: a local tarot CLI plus data and templates used to generate cat-themed tarot readings. Before installing or running it, consider: (1) the bundle contains executable Python code (neko.py) — review it (you already have it) and run in a sandbox or virtualenv if you don't trust the unknown author; (2) you will need to install Python dependencies (typer, pydantic) per README; (3) the skill reads local JSON files included in the package (tarot.json, spreads.json, tarot_index.json) — if you plan to modify templates or data, review for unwanted text or prompts; (4) although it has no network access or credential requests, be mindful if you adapt the code to add networking or external integrations. If you want extra assurance, run the CLI locally with --json on sample inputs to inspect outputs before granting the agent autonomous access.Like a lobster shell, security has layers — review code before you run it.
latestvk9775q5ba90tr27qpm85zrkjvx839yqe
License
MIT-0
Free to use, modify, and redistribute. No attribution required.