中小学教师智能备课助手 (Intelligent Lesson-Prep Assistant for Primary and Secondary School Teachers)

Review

Audited by ClawScan on May 10, 2026.

Overview

This lesson-prep skill has a clear purpose, but it includes overbroad instructions to expand tasks, download resources, delete script files, store platform passwords, and modify persistent agent memory.

Review this skill before installing. It is useful for lesson-prep automation, but only use it in a workspace where extra generated files and downloads are acceptable, do not enter platform passwords unless you are comfortable with local JSON storage, and make sure any cleanup step cannot delete unrelated .py or .js files.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a teacher asks only for one item, the agent may still create extra files and perform extra downloads.

Why it was flagged

This instruction explicitly tells the agent to override a narrower user request and always expand the task into a full package.

Skill content
- **Full-package generation**: regardless of what the user asks for, the complete materials package must be generated

Recommendation

Treat full-package generation as an optional default, and ask the user before expanding a narrower request.

What this means

The agent could download resources without enough user review and could delete useful Python or JavaScript files if it interprets the cleanup rule broadly.

Why it was flagged

The skill mandates network downloads and gives a broad deletion instruction for script files without clearly limiting deletion to generated temporary files in a safe folder.

Skill content
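- **Resource download**: reference materials must actually be downloaded; saving only the links is not allowed
- **File cleanup**: after generation, delete all .py/.js script files

Recommendation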

Require user confirmation before downloads, and restrict cleanup to named temporary files created by this skill inside the generated course folder.

What this means

Education-platform credentials may be stored in plaintext in the workspace and could be exposed through backups, sharing, or other local access.

Why it was flagged

The code prompts for education-platform passwords and saves the account data to a local JSON file, creating persistent credential storage.

Skill content
self.accounts_file = self.workspace / ".workbuddy" / "teaching-materials-accounts.json" ... password = input(f"密码: ").strip() ... json.dump(accounts_data, f, ensure_ascii=False, indent=2)

Recommendation

Avoid saving raw passwords; use tokens or OS keychain storage, clearly declare the credential requirement, and let users skip or delete stored credentials easily.

What this means

Diagram generation may depend on external package provenance and version changes.

Why it was flagged

The integration example uses an unpinned npm package through npx for an MCP helper, which can execute externally supplied code if the user configures it.

Skill content
"command": "npx", "args": ["-y", "mcp-diagram-generator"]

Recommendation

Pin helper package versions, install from trusted sources, and document exactly which external tools are required.

What this means

The skill may remain easier to trigger in future sessions through persistent memory entries.

Why it was flagged

The install guide describes persistent changes to a global agent memory file so that shortcut commands activate the skill later.

Skill content
The system will automatically add the following activation commands to the user's global memory ... {user home directory}/.workbuddy/memory/CLAW.md

Recommendation

Ask before editing global memory, show the exact lines added, and provide a simple removal procedure.