Destiny Fusion Pro
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: destiny-fusion-pro Version: 1.0.3 The destiny-fusion-pro skill bundle is a legitimate implementation of a Chinese astrology (Ziwei Doushu and Bazi) consultation tool. The Python script (fortune_fusion.py) and Node.js bridge (ziwei_engine_js.mjs) use reputable libraries like lunar-python and iztro to perform complex calculations offline. Security analysis shows safe use of subprocess (passing argument lists rather than shell strings), no network activity, and no evidence of data exfiltration or malicious prompt injection. The instructions in SKILL.md explicitly enforce an offline-first policy, which aligns with the stated purpose and reduces the attack surface.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may involve running local code with the birth details the user provides.
The recommended workflow runs a local Python script. This is disclosed, user-directed, and matches the stated offline calculation purpose.
python scripts/fortune_fusion.py \ --date 1990-10-21 \ --time 15:30
Run it only from the installed skill directory and keep execution user-directed; do not treat it as an automatically safe background task.
The skill may not work until third-party astrology libraries are installed, and those packages become part of the trust chain.
The script relies on external calculation packages, but the registry section says there is no install spec and no required binaries. The dependency use is purpose-aligned, but users should notice the undeclared package requirement.
from lunar_python import Solar ... from iztro_py import astro ... "未安装 iztro-py,请先安装:pip install iztro-py"
Install dependencies only from trusted package sources and consider adding explicit, pinned installation requirements in the skill metadata.