ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ruankao Gaoxiang Prep

v1.0.4

软考高级信息系统项目管理师备考技能。每天推送教材第四版重点章节的10条背诵重点和10个英语单词。支持章节查询、重点回顾、单词记忆等功能。当用户提到"软考高项"、"备考"、"章节重点"、"英语单词"、"软考复习"等相关需求时触发。

0· 177·0 current·0 all-time
byliu hongbin@artwebs
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (软考高项备考、每日推送、章节查询、单词记忆) aligns with requested resources and behavior: it reads local references/, generates daily content, and sends messages via a QQ bot. The declared config requirement channels.qqbot is consistent with delivering pushes to QQ.
Instruction Scope
SKILL.md explicitly instructs the agent to create cron jobs (using the platform cron tool) and to run scripts/daily_push.py and read references/*.md. That stays within the exam-prep scope. The SKILL.md also mandates using the cron tool (i.e., scheduling autonomous agent turns), and produces payloads that deliver messages to a 'to' openid — those are expected for push functionality but grant the skill the capability to send messages on a schedule.
Install Mechanism
There is no platform install spec (instruction-only), which is the lowest install risk. However the skill bundle includes two executable scripts (scripts/daily_push.py and scripts/setup.sh). Those are executed by the runtime instructions/quickstart; their contents were not provided for full review here, so they should be inspected before running.
!
Credentials
The skill requests access to config path channels.qqbot. For a QQ push skill this is proportionate, but channels.* config entries commonly contain bot credentials/tokens or endpoints. Granting this config path lets the skill post messages as the configured bot — a sensitive capability. No environment variables or unrelated credentials are requested, which is appropriate.
Persistence & Privilege
always:false (good). The skill's workflow relies on creating cron jobs that will autonomously invoke the agent (agentTurn payload). Autonomous scheduled invocation combined with access to channels.qqbot increases blast radius if the skill or its scripts are malicious. The skill does not appear to modify other skills or global agent settings.
What to consider before installing
This skill appears to do what it says (generate daily study pushes from local reference files and send them via QQ), but take these precautions before installing or granting permissions: 1) Inspect scripts/daily_push.py and scripts/setup.sh for network calls, data exfiltration, or unexpected behavior (look for HTTP requests, remote URLs, or subprocess calls). 2) Examine the contents of the config path channels.qqbot (or ask what keys it holds). If it contains bot tokens or credentials, only grant access if you trust the skill author. 3) If you are uncomfortable granting channels.qqbot, run the daily_push.py manually to test output and only allow the skill to schedule cron jobs that deliver to your own, vetted openid. 4) Prefer running setup.sh and any tests in a sandboxed environment and check what files it writes (it prompts for QQ openid — avoid entering secrets). 5) If you need higher assurance, request the full source of scripts from the author or run a code review/audit of those scripts before enabling scheduled/autonomous pushes.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📚 Clawdis
Configchannels.qqbot
examvk97cpykk2qsc1zx8gz7cqbwtcn83js90latestvk978y4h722sr97h1fbrybc3psn8597dzlearningvk97cpykk2qsc1zx8gz7cqbwtcn83js90ruankaovk97cpykk2qsc1zx8gz7cqbwtcn83js90studyvk97cpykk2qsc1zx8gz7cqbwtcn83js90
177downloads
0stars
5versions
Updated 7h ago
v1.0.4
MIT-0
liu hongbin@artwebs
examlatestlearningruankaostudy
Download

软考高项备考

⚠️ 强制规则

当用户提到「软考高项备考」「每日推送」「章节重点」「英语单词」「软考复习」等任何涉及备考推送的请求时,必须调用 cron 工具来设置定时提醒,绝对不能只用自然语言回复!

功能概览

1. 每日推送(默认每天早上 9:00)

  • 📖 10条重点章节背诵要点:来自教材第四版各章节核心内容
  • 📝 10个英语单词:软考相关英语术语

2. 按需查询

  • 查看指定章节的重点内容
  • 查看特定章节的英语单词
  • 查看所有章节列表

3. 学习进度

  • 记录已学习章节
  • 回顾已推送内容

设置每日推送

默认推送时间:每天 9:00

payload.kind 必须是 "agentTurn"

完整 job 配置:

{
  "action": "add",
  "job": {
    "name": "软考高项每日推送",
    "schedule": {
      "kind": "cron",
      "expr": "0 9 * * *",
      "tz": "Asia/Shanghai"
    },
    "sessionTarget": "isolated",
    "wakeMode": "now",
    "payload": {
      "kind": "agentTurn",
      "message": "请执行以下任务:(1) 调用 scripts/daily_push.py 获取今天的推送内容 (2) 输出格式:'📚 软考高项每日复习 {日期}\\n\\n📖 今日重点(第X章):\\n{10条重点内容}\\n\\n📝 今日英语单词:\\n{10个单词}\\n\\n💪 加油,坚持就是胜利!' (3) 不要回复HEARTBEAT_OK (4) 用emoji点缀让内容更生动",
      "deliver": true,
      "channel": "qqbot",
      "to": "{用户的openid}"
    }
  }
}

使用场景

场景 1:设置每日推送

用户说:

  • "设置软考备考推送"
  • "每天推送复习内容"
  • "开始每日背诵"

AI 行为:

  1. 调用 cron 工具创建每天 9:00 的定时提醒
  2. 回复:📚 收到!每天早上9:00会推送软考高项复习内容~

场景 2:查看今日推送

用户说:

  • "今天的复习内容"
  • "今天的重点"
  • "今天背什么"

AI 行为:

  1. 调用 scripts/daily_push.py 获取今天的推送内容
  2. 输出格式化的复习内容

场景 3:查询章节重点

用户说:

  • "第一章重点"
  • "项目整体管理重点"
  • "看看进度管理的重点"

AI 行为:

  1. references/ 中读取对应章节的重点文件
  2. 输出该章节的背诵要点(10条)

章节对应关系(教材第四版,共24章):

章节名称文件
第1章信息系统基础chapter01-info-system.md
第2章信息系统项目管理chapter02-it-development.md
第3章项目立项管理chapter03-governance.md
第4章项目整体管理chapter04-is-management.md
第5章信息系统工程chapter05-is-engineering.md
第6章项目整体管理chapter06-pm-overview.md
第7章立项管理chapter07-initiation.md
第8章项目整合管理chapter08-integration.md
第9章项目范围管理chapter09-scope.md
第10章进度管理chapter10-schedule.md
第11章成本管理chapter11-cost.md
第12章质量管理chapter12-quality.md
第13章资源管理chapter13-resource.md
第14章沟通管理chapter14-communication.md
第15章风险管理chapter15-risk.md
第16章采购管理chapter16-procurement.md
第17章干系人管理chapter17-stakeholder.md
第18章项目绩效域chapter18-performance.md
第19章配置与变更管理chapter19-config-change.md
第20章高级项目管理chapter20-advanced.md
第21章运筹学计算chapter21-calculation.md
第22章组织通用治理chapter22-governance.md
第23章组织通用管理chapter23-management.md
第24章法律法规与标准规范chapter24-legal.md

场景 4:查询英语单词

用户说:

  • "今天的英语单词"
  • "软考英语单词"
  • "背单词"

AI 行为:

  1. references/english-words.md 中读取单词
  2. 输出10个单词及释义

场景 5:查看所有章节

用户说:

  • "有哪些章节"
  • "章节列表"
  • "复习进度"

AI 行为:

  1. 读取章节列表
  2. 输出所有章节名称和编号

资源文件说明

references/chapterXX-xxx.md

每个章节文件包含该章节的背诵重点(至少10条),格式:

# 第X章 章节名称

## 背诵重点

1. 重点内容1
2. 重点内容2
...
10. 重点内容10

## 补充说明(可选)

额外的补充信息

references/english-words.md

英语单词文件,格式:

# 软考英语词汇

## 单词列表

1. **Project** [ˈprɒdʒekt] n. 项目
2. **Management** [ˈmænɪdʒmənt] n. 管理
...

定时推送内容生成

每日推送内容由 scripts/daily_push.py 生成:

逻辑:

  1. 根据日期确定今天的章节(使用日期轮询:日期 % 24 + 1)
  2. 读取该章节的重点内容(取前10条)
  3. 读取英语单词(取前10个)
  4. 格式化输出

输出示例:

📚 软考高项每日复习 2026年03月25日

📖 今日重点(第1章 信息系统基础):

1. 信息系统的定义:信息系统是由人、硬件、软件、数据和网络构成的系统
2. 信息的特征:客观性、适用性、可传输性、共享性
3. 信息系统生命周期:立项、开发、运维、消亡四个阶段
4. 软件工程三要素:方法、工具、过程
5. 软件开发生存周期模型:瀑布模型、原型模型、螺旋模型、迭代模型
6. 需求分析的重要性:决定了系统的目标和功能
7. 系统设计原则:模块化、抽象、信息隐藏、模块独立
8. 软件测试的目的:发现错误、提高质量
9. 软件维护的类型:改正性、适应性、完善性、预防性维护
10. 软件质量特性:功能性、可靠性、易用性、效率、可维护性、可移植性

📝 今日英语单词:

1. **Project** [ˈprɒdʒekt] n. 项目
2. **Management** [ˈmænɪdʒmənt] n. 管理
3. **Stakeholder** [ˈsteɪkhəʊldə(r)] n. 干系人
4. **Milestone** [ˈmaɪlstəʊn] n. 里程碑
5. **Critical Path** [ˈkrɪtɪkl pɑːθ] n. 关键路径
6. **Risk** [rɪsk] n. 风险
7. **Quality** [ˈkwɒləti] n. 质量
8. **Scope** [skəʊp] n. 范围
9. **Schedule** [ˈʃedjuːl] n. 进度
10. **Baseline** [ˈbeɪslaɪn] n. 基准

💪 加油,坚持就是胜利!

回复模板

场景回复
设置推送成功📚 收到!每天早上9:00会推送软考高项复习内容~
查询无内容📚 还没有创建对应章节的内容哦~ 需要我帮你补充吗?
查看章节📖 第X章 {章节名称}的重点内容:\n\n{10条重点}
查看单词📝 软考英语词汇(10个):\n\n{10个单词}
取消推送成功✅ 已取消软考备考推送~

Cron 表达式参考

推送时间Cron 表达式
每天 8:00"0 8 * * *"
每天 9:00"0 9 * * *"
每天 20:00"0 20 * * *"

个性化设置

用户可以自定义推送时间,例如:

  • "8点推送" → --cron "0 8 * * *"
  • "晚上8点推送" → --cron "0 20 * * *"

Comments

Loading comments...