Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Quiz Generator
v1.0.0测试问卷生成器。支持心理测试、性格测试、问卷调查自动生成。
⭐ 0· 32·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (quiz/test generator) align with the SKILL.md content: templates, scoring rules, result pages and test types are all coherent with the stated purpose.
Instruction Scope
SKILL.md stays within quiz-generation scope (no commands, no system file access, no env var access). However, it lists related resources and scripts (e.g., scripts/generate_quiz.py, scripts/calculate_score.py, references/, assets/) that are not present in the package manifest. That mismatch (documentation claiming code/assets that are absent) is an inconsistency: either required code is missing or the doc is out-of-date. Also the skill includes guidance for psychological self-tests (depression/anxiety) which are sensitive and require careful handling, disclaimers, and validation.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to run, which is low-risk from an install standpoint. Nothing will be written to disk by an installer because no installer is declared.
Credentials
The skill declares no required environment variables, credentials, or config paths. There is no apparent need for elevated credentials based on the stated functionality.
Persistence & Privilege
The skill does not request always:true and uses default invocation settings (user-invocable, agent may call it autonomously). It does not declare modifications to other skills or system-wide configuration.
What to consider before installing
This skill appears to be a documentation/instruction bundle for generating quizzes and is internally coherent, but you should proceed cautiously because: (1) the SKILL.md references scripts and asset directories that are not included — ask the publisher to provide the missing scripts (generate_quiz.py, calculate_score.py) or clarify that this is documentation-only; do not run unknown code if provided later without reviewing it. (2) The skill covers mental-health screening (depression, anxiety). If you intend to use or publish such tests, ensure clinical validation, legal/ethical disclaimers, and privacy protections; do not treat outputs as medical diagnoses. (3) Before installing or running any associated code, request the source repository or homepage and inspect code for network calls, credential usage, or data exfiltration. (4) If you need a higher-assurance judgment, supply the missing scripts or any install spec and I can re-evaluate — presence of network-accessing code, undeclared environment variables, or an installer that downloads archives would raise the risk level.Like a lobster shell, security has layers — review code before you run it.
latestvk974k9m3drq1xatmem6m2vm5tn83yba1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.