Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

塔罗牌占卜 (Tarot Divination)

v1.0.0

A paid tarot divination service that draws one tarot card for you each day and interprets its meaning and fortune guidance. It includes data for 78 tarot cards (22 Major Arcana + 56 Minor Arcana); each reading draws one card at random and gives you an interpretation of the card and guidance for the day.

by Arya (@guoshuai1)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for guoshuai1/tarot-divination.

Prompt preview (Install & Setup):
Install the skill "塔罗牌占卜" (guoshuai1/tarot-divination) from ClawHub.
Skill page: https://clawhub.ai/guoshuai1/tarot-divination
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install tarot-divination

ClawHub CLI


npx clawhub@latest install tarot-divination

Security Scan

Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal

Benign

View report →

OpenClaw

Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md implement a paid tarot-drawing service with local order storage, which matches the description. However, configs/config.yaml already contains a Base64 SM4 key and a long pay_to value belonging to a third party; unless replaced, that configuration will direct payments and encoded order data to someone else. A prefilled pay_to/key in the repo is disproportionate to the stated purpose unless the author explicitly intends to receive payments by default.
Instruction Scope
SKILL.md instructs running commands in ~/.hermes/skills/塔罗牌占卜, but file_utils.get_skills_dir() points to ~/.hermes/skills/skill-factory (path mismatch). The payment flow is underspecified: SKILL.md says 'use clawtip to pay' but does not explain how the payment credential (payCredential) is returned/inserted into the order JSON so serve.py can decrypt and validate it. The agent is instructed to edit configs/config.yaml (sensible) but the default config already contains third-party values—this is scope creep that impacts money flow and trust.
Install Mechanism
No install spec; it's an instruction-and-script bundle. There are local Python scripts only, with no network downloads during install, so installation risk is low. However, the code uses the 'cryptography' library and the SM4 algorithm, which may require specific versions; review the dependencies before running.
Credentials
The skill requests no environment variables, which is coherent, but the repo includes a hard-coded Base64 SM4 key and a pay_to account in configs/config.yaml. That file effectively contains credentials/configuration that control payment destination and encryption; keeping the provided defaults would send payments/encrypted order data to a third party. No other credentials are requested, and local DB and files are stored under the user's home directory.
Persistence & Privilege
always:false and normal invocation. The skill writes order JSON and a local SQLite DB under user-controlled directories (~/.openclaw and ~/.hermes paths). This is expected for a local paid-service skill and does not attempt to modify other skills or system-wide configuration.
What to consider before installing
This skill is not obviously exfiltrating data or making network calls, but there are several red flags you should address before using it:

  1. Replace the configs/config.yaml values (crypto.sm4_key and payment.pay_to) with your own secret and account; the repo includes defaults that would direct payments/encrypted data to someone else.
  2. Confirm the actual payment flow: the README says to use 'clawtip' to pay, but the scripts expect a payCredential inside the saved order JSON; verify how clawtip returns or injects that credential and whether that process is secure.
  3. Fix the path mismatch: SKILL.md expects ~/.hermes/skills/塔罗牌占卜 but the code loads config from ~/.hermes/skills/skill-factory; ensure config and data files are in the path the scripts actually read.
  4. Audit dependencies: the code uses the cryptography library and SM4; ensure you install a trusted cryptography package and verify it implements SM4 correctly.
  5. Review the default pay_to string and key offline (don't use the default) and test the skill in a controlled environment (no real payments) until you understand the payment credential lifecycle.

If the author provides documentation about how clawtip writes payCredential back to the order files, or supplies an updated config with placeholders instead of real account data, that would increase confidence.


Tags: divination, fortune, latest, tarot

65 downloads · 0 stars · 1 version · Updated 1w ago · v1.0.0 · MIT-0

塔罗牌占卜 (Tarot Divination)

A daily tarot fortune reading service that guides you in exploring the revelations of fate.

Features

  • Daily draw: each reading draws one tarot card at random
  • 78-card deck: covers 22 Major Arcana + 56 Minor Arcana
  • Detailed interpretation: includes the card meaning and action guidance
  • Paid service: each reading costs only 1 fen

Usage

Step 1: Create an order

cd ~/.hermes/skills/塔罗牌占卜
python3 scripts/create_order.py "今日运势"

Step 2: Complete payment

Pay with clawtip (1 fen)

Step 3: Get the reading

python3 scripts/serve.py <订单号>

Deck description

Major Arcana (22 cards)

The Fool, The Magician, The High Priestess, The Empress, The Emperor, The Hierophant, The Lovers, The Chariot, Strength, The Hermit, Wheel of Fortune, Justice, The Hanged Man, Death, Temperance, The Devil, The Tower, The Star, The Moon, The Sun, Judgement, The World

Minor Arcana (56 cards)

  • Wands (10 cards): Ace to Ten
  • Cups (10 cards): Ace to Ten
  • Pentacles (10 cards): Ace to Ten
  • Swords (10 cards): Ace to Ten

Configuration

Edit configs/config.yaml to set your payment account and encryption key:

crypto:
  sm4_key: "你的SM4密钥"
payment:
  pay_to: "你的收款账号"
service:
  amount: 1

Example interpretations

The Fool

  • Meaning: new beginnings, freedom, adventure, trust
  • Guidance: follow your intuition and bravely take the first step

The Sun

  • Meaning: success, vitality, joy, warmth
  • Guidance: this is your moment to shine!

The Star

  • Meaning: hope, inspiration, calm, healing
  • Guidance: keep hope alive; the light is just ahead

Notes

  1. Tarot is guidance, not prophecy, and is for reference only
  2. Each card has multiple layers of interpretation and should be understood in light of your actual situation
  3. The card shows the current state of energy; it represents the "present continuous"

Configuration: configs/config.yaml
