Awesome Bazi Calculator - Cantian AI
v0.0.7八字排盘技能。根据阳历出生时间计算四柱八字、五行、十神、神煞等命理信息。使用场景:用户查询八字、命理分析、四柱排盘、出生时间转换农历/干支。 / Bazi charting skill. Calculates the Four Pillars (Bazi), Five Elements, Ten Gods, an...
⭐ 5· 1k·29 current·29 all-time
bycantian.ai@tianlinle
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (Bazi/charting, lunar/solar conversion) align with the included scripts. All scripts simply parse CLI args and call functions (buildBaziFromSolar, buildBaziFromLunar, getChineseCalendar, and markdown serializers) from the cantian-tymext npm package.
Instruction Scope
SKILL.md instructs running npm i and then node/tsx to execute the scripts in the skill root. The instructions only reference standard CLI args, date parsing, and printing Markdown to stdout; they do not instruct reading unrelated files, environment variables, or posting data to external endpoints.
Install Mechanism
There is no custom install script; installation is via npm (package.json depends on cantian-tymext@^0.0.26). Using npm is proportionate for a Node/TypeScript skill, but it does pull code from the public registry — the security posture therefore depends on the trustworthiness of the cantian-tymext package.
Credentials
The skill declares no required env vars or config paths and the scripts do not access environment variables. This is proportional for a local calendar/Bazi calculator.
Persistence & Privilege
always is false; the skill does not request persistent system-wide changes or modify other skills. Runtime actions are local script executions that print results to stdout.
Assessment
This skill appears coherent and implements what it claims: small TypeScript scripts that call an npm library to compute Bazi and Chinese-calendar data. Before installing, consider: (1) the npm dependency (cantian-tymext@^0.0.26) carries the actual logic — review that package's source, publisher, and recent release history if you need higher assurance; (2) run npm install and the scripts in an isolated environment if you are cautious; (3) no credentials or env vars are required and the scripts only output Markdown to stdout, but the external dependency could contain behavior not visible here (e.g., network calls), so auditing that package or pinning a vetted version reduces risk.Like a lobster shell, security has layers — review code before you run it.
latestvk978734bvxqzy8vyfwraw8809h831eqx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.