China Holidays
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When used, the agent may run a local command, contact gov.cn, and update local cached holiday data.
The skill instructs the agent to run a local Python helper that may make a network request and write a cache file. This is clearly disclosed and directly supports the holiday lookup purpose.
python scripts/fetch_holidays.py --year {年份} ... 缓存未命中:联网从政府网获取数据,并自动缓存到本地Use it for holiday queries as intended, and use forced refresh only when you actually want the cache updated from the network.
Users have less external provenance information for the bundled helper script, and the Python requirement may not be obvious from metadata alone.
The skill has bundled helper code but no upstream homepage/source and no declared Python runtime requirement. This is a provenance and metadata clarity note, not evidence of malicious behavior.
Source: unknown; Homepage: none ... Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Review the bundled script if provenance matters to you, and ensure Python is available before relying on the skill.