Back to skill
Skillv1.0.0
ClawScan security
Zhouyi Bazi Analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 3:32 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only reference assistant for Zhouyi/Bazi/Qimen texts that only reads the included reference files and its declared behavior matches its stated purpose.
- Guidance
- This skill appears to be a coherent, read-only reference helper for classical Chinese命理 texts and includes local summaries and public-source links. Before installing, consider: (1) it does not generate natal charts — if you need chart calculation you'll need an additional skill or external service; (2) avoid sending sensitive personal PII (exact birth time, full name, ID numbers) unless you understand how the agent will use and store that data; (3) verify any external links or quoted translations if you need authoritative academic sourcing (the references cite public sites like Baidu Baike and digital archives). If you want autonomous agents to use this skill, note that autonomous invocation is platform-default but is not a red flag here because the skill only reads bundled reference files.
Review Dimensions
- Purpose & Capability
- okThe name/description (Zhouyi·Bazi/Qimen reference and interpretation) aligns with the provided assets: SKILL.md plus two reference markdown files containing classical-source summaries and links. It does not request unrelated credentials, binaries, or system resources.
- Instruction Scope
- okRuntime instructions explicitly direct the agent to load the local reference files (references/classic_texts.md and references/qimen_texts.md) and produce structured answers with citations. The instructions do not ask the agent to read other filesystem paths, environment variables, or to transmit data to external endpoints beyond including public reference links.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only and writes nothing to disk nor downloads external code. Low install risk.
- Credentials
- okNo environment variables, credentials, or config paths are required. The declared requirements match the skill's function (local reference lookup and explanation).
- Persistence & Privilege
- okThe skill does not request always:true or other elevated persistence. It is user-invocable and can be invoked autonomously (platform default), which is expected for skills of this type and does not itself raise a concern.