中国节假日检测
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears benign: it checks Chinese holiday/workday status locally, with the main things to notice being its external Python package dependency and a fixed local package-version check.
This looks safe for normal use as a local Chinese holiday/workday checker. Before installing, verify that you are comfortable installing the chinesecalendar Python package, and if you use the script in automation, make sure it runs in the intended Python environment.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the dependency pulls code from the Python package ecosystem, so the user is trusting that package as well as this skill.
The skill relies on an external Python package and asks the user to install it manually. That is expected for this holiday-checking purpose, but it introduces normal package-source trust considerations.
metadata: {"clawdbot":{"emoji":"📅","requires":{"packages":["chinesecalendar"]}}} ... pip install chinesecalendarInstall or upgrade chinesecalendar only from a trusted Python package index, and consider pinning a known-good version if using it in automation.
The skill will query local Python package metadata when the script is run.
The script invokes a local command to inspect the installed package version. The arguments are fixed and purpose-aligned, with no shell invocation or user-controlled command construction shown.
subprocess.run([sys.executable, '-m', 'pip', 'show', 'chinesecalendar'], capture_output=True, text=True)
This behavior is reasonable for the stated purpose; run it in the intended Python environment so it checks the correct installed package.