ClawHub
Back to skill
v1.0.0

猫咪塔罗占卜助手

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:44 AM.

Analysis

This skill appears to be a coherent tarot-reading assistant that runs a small local Python CLI and reads bundled tarot data, with no evidence of credential use, network access, persistence, or destructive behavior.

GuidanceThis looks safe to use as an entertainment-oriented tarot assistant. Be aware that it runs a local Python helper and may require installing Python packages; only install dependencies from trusted sources and avoid treating tarot output as professional financial, medical, legal, or mental-health advice.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
SeverityInfoConfidenceHighStatusNote
SKILL.md
执行:`python neko.py draw --spread [ID] --json`

The skill expects the agent to run an included local Python script. This is disclosed and central to the tarot draw workflow, and the provided code only reads bundled JSON data and prints results.

User impactThe agent may run a local Python command to perform the tarot draw, but the reviewed code does not show network access, file writing, credential use, or destructive actions.
RecommendationAllow the CLI only for the documented tarot commands, and review dependency installation if the required Python packages are not already installed.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
README.md
pip install "typer[all]" pydantic

The README documents external Python dependencies even though the registry install section has no install spec. This is a minor setup/provenance note for users.

User impactIf the dependencies are not installed, the user or environment may need to install packages from the Python package ecosystem.
RecommendationInstall dependencies from trusted package sources and prefer pinned versions if using this skill in a controlled environment.