Create Educational Subagent
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is mostly about creating a teaching-progress subagent, but it tells the user to approve broad device/operator permissions, including admin and secrets access, without clear scoping.
Review this skill carefully before installing or using it. The class-progress subagent idea is reasonable, but do not run the permission approval script or `openclaw devices approve --latest` blindly. Inspect the exact permission request first, reject broad admin/secrets permissions unless truly required, and clarify where long-term class records will be stored and how they can be deleted.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the recommended approval flow could grant the device or agent powerful account/control permissions, including access related to secrets, not just educational tracking.
The skill explicitly documents escalating from read access to broad operator/admin, approval, pairing, write, and secrets-related permissions. Those privileges exceed what is clearly necessary to create a class-progress tracker.
权限升级: 从 `operator.read` 升级到 `operator.admin`, `operator.write`, `operator.approvals`, `operator.pairing`, `operator.talk.secrets`
Do not approve these permissions unless you have inspected the exact pending request and confirmed the minimum required privileges. Prefer a least-privilege setup that does not include admin, approvals, pairing, or secrets access unless strictly necessary.
A user could accidentally approve the wrong permission request or grant broader control than intended.
The helper script approves the latest pending permission request without identifying the specific request, scope, or agent. This could approve an unrelated or broader request if one is pending.
openclaw devices approve --latest
Avoid running this script as-is. Manually list and inspect pending permission requests, then approve only the specific request that matches the intended subagent and required minimal scope.
The spawned subagent may continue the requested task in a separate session context, so the user should know what authority and context it receives.
The skill creates a separate subagent. This is disclosed and aligned with the stated purpose, but users should understand they are delegating work to another agent process.
openclaw sessions_spawn --runtime acp --agentId <your_agent_id> --label "教务子 agent" --mode run --task
Create the subagent only after confirming its runtime, permissions, and task text. Keep it limited to recording and answering class-progress information.
Class progress information may be retained in agent context or records; users should avoid adding unnecessary student personal data.
The skill is designed to maintain class progress records over time. This is purpose-aligned, but the artifacts do not explain storage location, retention, or deletion controls.
记录每个班每次课教了什么内容、讲到哪个知识点 ... 你会按时间顺序整理各班的上课记录
Define where progress records are stored, how long they are kept, how to delete them, and avoid recording sensitive student information unless necessary.