yanxue
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: yanxue Version: 1.0.0 The skill's core functionality for managing and exporting course plans is benign. However, the Python scripts `scripts/export_word.py` and `scripts/manage_courses.py` exhibit significant vulnerabilities. Both scripts directly use user-provided file paths from `sys.argv` without proper sanitization, making them susceptible to path traversal attacks. Specifically, `manage_courses.py` can be prompted to read the content of arbitrary files (e.g., `/etc/passwd`) and save them within the skill's storage directory, and `export_word.py` could be used to write arbitrary `.docx` files to unintended locations. While there is no clear evidence of intentional malicious behavior within the provided code, these vulnerabilities present a high risk for arbitrary file access and potential data exfiltration if exploited by a malicious agent or through prompt injection, especially given the `SKILL.md`'s mention of '文件分发' (file distribution).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental course name could cause the agent to create or overwrite a Markdown file outside the intended course folder, within the permissions of the runtime user.
The course name is taken from command-line input and inserted into a path without sanitizing slashes, '..', or absolute paths. This can escape the documented STORAGE_DIR.
name = sys.argv[2]
...
filename = f"{name}_{timestamp}.md"
filepath = os.path.join(STORAGE_DIR, filename)
...
with open(filepath, 'w', encoding='utf-8') as f:Reject path separators and '..' in course names, use a safe basename/slug, resolve the final path, and verify it remains inside /home/ubuntu/yanxue_courses before writing.
The export feature may fail until dependencies are installed, and ad hoc package installation can introduce supply-chain risk if not controlled.
The export helper depends on third-party Python modules, while the registry metadata says there is no install spec and no required binaries or environment declarations.
import markdown from htmldocx import HtmlToDocx
Declare required Python packages and versions, provide a pinned requirements file, and avoid installing dependencies from untrusted sources.
Generated documents may copy style, facts, or identifying details from bundled examples unless the user reviews and edits the output.
The skill uses bundled examples described as real user-provided course plans to guide future generation, which can cause example content, assumptions, or real school details to influence outputs.
本文件总结了用户提供的真实研学课程方案的风格特点,用于指导生成符合用户偏好的方案。
Anonymize reference examples, verify factual details before reuse, and instruct users to review generated plans for copied or outdated school/trip information.
Course plans, which may include school names or operational details, can remain on disk after the session.
The skill creates persistent local files. This persistence is disclosed and purpose-aligned, with no evidence of hidden background execution.
**自动保存**:生成的方案可自动保存至 `/home/ubuntu/yanxue_courses/` 目录。
Store only intended course documents, periodically clean the course directory, and avoid including unnecessary personal or sensitive information in generated plans.