← 返回 Skills 市场
792
总下载
0
收藏
1
当前安装
4
版本数
在 OpenClaw 中安装
/install zodiac-horoscope
功能描述
Fetch personalized daily horoscope forecasts from zodiac-today.com API based on natal chart calculations. Use when a user wants: (1) daily guidance on what a...
安全使用建议
Before installing: (1) note the manifest mismatch — SKILL.md requires ZODIAC_API_KEY and ZODIAC_PROFILE_ID but the registry metadata doesn't declare them; ask the publisher to correct the metadata. (2) This skill will ask for sensitive PII (email, birth date, birth city) — only collect with explicit consent and store/delete data securely. (3) The runtime doc suggests the agent can automatically read verification emails via IMAP; avoid granting mailbox/IMAP access unless you trust the skill and operator — prefer a manual code-entry workflow. (4) Keep the API key and profile ID in a dedicated, least-privilege environment (or ephemeral secrets), and delete temporary cookie files as instructed. (5) Because this is instruction-only, there was no code to scan; that reduces evidence about hidden behavior — if you need higher assurance, request a signed author/source and a manifest update listing the required env vars and exact scopes (email access, cookie storage).
功能分析
Type: OpenClaw Skill
Name: zodiac-horoscope
Version: 1.3.0
The skill is classified as suspicious primarily due to the instruction in `SKILL.md` that suggests the AI agent may retrieve a verification code automatically from the user's email via IMAP if it has access. While the stated purpose is to automate a legitimate setup step for the `zodiac-today.com` service, instructing an agent to access a user's email inbox, even for a specific email and code, represents a high-risk capability. This capability, if combined with broad agent permissions or misinterpretation, could lead to unintended privacy breaches, making it a risky design choice rather than clearly malicious intent.
能力评估
Purpose & Capability
The skill's stated purpose (fetch personalized horoscopes from zodiac-today.com) legitimately requires an API key and a profile ID and may require user birth data — so the runtime requirements in SKILL.md are coherent with the purpose. However, the registry metadata lists no required environment variables or primary credential while SKILL.md explicitly requires ZODIAC_API_KEY and ZODIAC_PROFILE_ID; that registry/manifest mismatch is an integrity concern.
Instruction Scope
The SKILL.md instructs the agent to collect sensitive PII (email, birth date, birth city) and explicitly says it may automatically retrieve the verification code 'if the agent has email access (e.g., IMAP)'. That broadens scope to mailbox access (not declared elsewhere) and instructs writing a session cookie file (cookies.txt). Although the doc asks for user consent and to delete cookies.txt, it still directs behaviors (email/IMAP access, temporary cookie storage) that go beyond simple API calls and may require additional privileges the registry doesn't declare.
Install Mechanism
This is instruction-only with no install spec and no code files — minimal install surface and nothing is written to disk by an installer. The only file operation noted is a temporary cookies.txt created by curl in the documented workflow; that is explicitly described and meant to be deleted.
Credentials
SKILL.md requires two environment values (ZODIAC_API_KEY and ZODIAC_PROFILE_ID) which are proportional to the API integration. But the registry metadata lists none — a mismatch that could hide required secrets. The skill also requires collection of sensitive PII for natal chart calculations; collecting this data is explainable for the feature but increases privacy risk and requires explicit consent and secure handling. The instructions also mention session cookies and possible automated email access, which implies access to credentials or mailboxes not declared in manifest.
Persistence & Privilege
The skill is not forced-always and is user-invocable; autonomous model invocation remains permitted (the default). The main privilege concern is the instruction to access the user's email (IMAP) to retrieve verification codes — combined with autonomous invocation this could increase blast radius. There is no install-time persistence or system-level privilege escalation requested in the files provided.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install zodiac-horoscope - 安装完成后,直接呼叫该 Skill 的名称或使用
/zodiac-horoscope触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.0
Fixed metadata mismatch: moved env var declarations into description for registry visibility. Clarified human-in-the-loop email verification, secure cookie handling, and PII consent flow.
v1.2.0
Declared required env vars (ZODIAC_API_KEY, ZODIAC_PROFILE_ID); added PII privacy notice for birth data
v1.1.0
Added registration and API key setup workflow via API (no browser needed)
v1.0.0
Initial release: personalized daily horoscope forecasts from zodiac-today.com API
元数据
常见问题
Zodiac Horoscope 是什么?
Fetch personalized daily horoscope forecasts from zodiac-today.com API based on natal chart calculations. Use when a user wants: (1) daily guidance on what a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 792 次。
如何安装 Zodiac Horoscope?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install zodiac-horoscope」即可一键安装,无需额外配置。
Zodiac Horoscope 是免费的吗?
是的,Zodiac Horoscope 完全免费(开源免费),可自由下载、安装和使用。
Zodiac Horoscope 支持哪些平台?
Zodiac Horoscope 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Zodiac Horoscope?
由 dowands(@dowands)开发并维护,当前版本 v1.3.0。
推荐 Skills