Gaokao Calculus Bridge
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may run local Python scripts from the package.
The skill directs execution of bundled Python scripts as part of normal workflows. The visible code is aligned with educational generation and parsing, but it is still local code execution.
python3 scripts/problem_generator.py \
--domain "${DOMAIN}" \
--difficulty "${DIFFICULTY}"Run it from the reviewed skill directory, keep commands user-directed, and avoid passing sensitive files or inputs unless needed for the math task.
Installing dependencies may fetch newer package versions from the package repository.
The skill depends on third-party Python packages with lower-bound version constraints rather than exact pins or a lockfile. These are common math/science packages and fit the purpose, but installation still relies on the package supply chain.
numpy>=1.21.0 matplotlib>=3.5.0 sympy>=1.10.0 pandas>=1.3.0 scipy>=1.7.0
Install in a virtual environment and pin or review dependency versions if you need a highly controlled setup.
Providing this key could allow API usage and potential costs if the runtime or future code uses it.
The skill requires an OpenAI API credential. The provided code does not show hardcoding, logging, or unrelated transmission of the key, but the visible scripts also do not clearly show why the key is required.
environment:
required:
- OPENAI_API_KEYUse a restricted or low-quota key if possible, monitor usage, and only provide the key if the skill’s OpenAI-dependent functionality is actually needed.