← Back to Skills Marketplace
73
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install tarot-divination
Description
塔罗牌占卜付费服务,每日为你抽取一张塔罗牌,解读牌意与运势指引。包含78张塔罗牌数据(大阿尔卡纳22张 + 小阿尔卡纳56张),每次占卜随机抽取一张牌,给你牌意解读和今日指引。
Usage Guidance
This skill is not obviously exfiltrating data or making network calls, but there are several red flags you should address before using it: 1) Replace configs/config.yaml values (crypto.sm4_key and payment.pay_to) with your own secret and account — the repo includes defaults that would direct payments/encrypted data to someone else. 2) Confirm the actual payment flow: the README says to use 'clawtip' to pay, but the scripts expect a payCredential inside the saved order JSON; verify how clawtip returns or injects that credential and whether that process is secure. 3) Fix the path mismatch: SKILL.md expects ~/.hermes/skills/塔罗牌占卜 but the code loads config from ~/.hermes/skills/skill-factory; ensure config and data files are in the path the scripts actually read. 4) Audit dependencies: the code uses the cryptography library and SM4; ensure you install a trusted cryptography package and verify it implements SM4 correctly. 5) Review the default pay_to string and key offline (don't use the default) and test the skill in a controlled environment (no real payments) until you understand the payment credential lifecycle. If the author provides documentation about how clawtip writes payCredential back to the order files or supplies an updated config with placeholders instead of real account data, that would increase confidence.
Capability Analysis
Type: OpenClaw Skill
Name: tarot-divination
Version: 1.0.0
The tarot-divination skill implements a functional tarot reading service with a built-in micro-payment (1 cent) workflow. It uses standard SM4 encryption (sm4_utils.py) to secure order data and SQLite (file_utils.py) for local order tracking. The code logic in create_order.py and serve.py aligns perfectly with the stated purpose in SKILL.md, and no indicators of data exfiltration, unauthorized execution, or malicious intent were found. While there is a minor path discrepancy in file_utils.py (referencing a 'skill-factory' directory), it appears to be a non-malicious configuration oversight.
Capability Tags
Capability Assessment
Purpose & Capability
The code and SKILL.md implement a paid tarot-drawing service and local order storage, which matches the description. However configs/config.yaml already contains a Base64 SM4 key and a long pay_to value belonging to a third party; that configuration will direct payments and encoded order data to someone else unless replaced. The presence of a prefilled pay_to/key in the repo is disproportionate to the stated purpose unless the author explicitly intends to receive payments by default.
Instruction Scope
SKILL.md instructs running commands in ~/.hermes/skills/塔罗牌占卜, but file_utils.get_skills_dir() points to ~/.hermes/skills/skill-factory (path mismatch). The payment flow is underspecified: SKILL.md says 'use clawtip to pay' but does not explain how the payment credential (payCredential) is returned/inserted into the order JSON so serve.py can decrypt and validate it. The agent is instructed to edit configs/config.yaml (sensible) but the default config already contains third-party values—this is scope creep that impacts money flow and trust.
Install Mechanism
No install spec; it's an instruction-and-script bundle. There are local Python scripts only—no network downloads during install—so installation risk is low. However, the code uses the 'cryptography' library and SM4 algorithm which may require specific versions; ensure dependencies are reviewed before running.
Credentials
The skill requests no environment variables, which is coherent, but the repo includes a hard-coded Base64 SM4 key and a pay_to account in configs/config.yaml. That file effectively contains credentials/configuration that control payment destination and encryption; keeping the provided defaults would send payments/encrypted order data to a third party. No other credentials are requested, and local DB and files are stored under the user's home directory.
Persistence & Privilege
always:false and normal invocation. The skill writes order JSON and a local SQLite DB under user-controlled directories (~/.openclaw and ~/.hermes paths). This is expected for a local paid-service skill and does not attempt to modify other skills or system-wide configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tarot-divination - After installation, invoke the skill by name or use
/tarot-divination - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
塔罗牌占卜 1.0.0 首次发布
- 提供每日塔罗牌抽取及详细解读服务,涵盖78张塔罗牌全牌库
- 支持随机抽牌,解读牌意并给出当日行动指引
- 引入简单付费机制,单次占卜1分钱
- 提供完整配置及使用说明,包括密钥与收款账号设置
- 牌意详解与操作示例全面收录
Metadata
Frequently Asked Questions
What is 塔罗牌占卜?
塔罗牌占卜付费服务,每日为你抽取一张塔罗牌,解读牌意与运势指引。包含78张塔罗牌数据(大阿尔卡纳22张 + 小阿尔卡纳56张),每次占卜随机抽取一张牌,给你牌意解读和今日指引。 It is an AI Agent Skill for Claude Code / OpenClaw, with 73 downloads so far.
How do I install 塔罗牌占卜?
Run "/install tarot-divination" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 塔罗牌占卜 free?
Yes, 塔罗牌占卜 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 塔罗牌占卜 support?
塔罗牌占卜 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 塔罗牌占卜?
It is built and maintained by Arya (@guoshuai1); the current version is v1.0.0.
More Skills