Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TeacherKit - AI Lesson Prep Assistant

v1.0.0

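AI lesson prep assistant: generate lesson plans, quizzes, and course outlines in one click. A one-stop lesson prep tool built for teachers. AI Lesson Prep Kit for educators — generate lesson plans, quizzes, and course outlines.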

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, SKILL.md, README and the visible portions of teacher_kit.py all describe generating lesson plans, quizzes, and syllabi — this is consistent. However, the README and metadata claim 'Zero dependencies' while teacher_kit.py imports pydantic (an external dependency). That mismatch is a design/information coherence issue (not necessarily malicious) and should be resolved before installation.
Instruction Scope
The SKILL.md instructions are narrowly focused on collecting pedagogical parameters and producing structured outputs (lesson plans/quizzes/outlines). They do not instruct the agent to read arbitrary files, access environment variables, or send data to external endpoints. The visible code builds prompts and uses an event emitter for status updates — behavior consistent with the stated purpose.
Install Mechanism
No install spec is provided (instruction-only / paste the .py into OpenWebUI), which is low risk. However, the README explicitly states 'Zero dependencies' while the code imports pydantic. That implies either (a) the code will fail if pydantic isn't available, or (b) the README is inaccurate. This is an inconsistency to clarify; it affects usability but also indicates the package metadata hasn't been carefully reconciled.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code surfaces user-level settings (subject, student_level, language) only. There is no declared need for external API keys or secrets, which aligns with the stated offline prompt-engineering approach.
Persistence & Privilege
Flags show always:false and normal user-invocable behavior. The skill does not request persistent system-wide privileges in the provided materials, nor does it attempt to modify other skills. The use of an event emitter is standard for status updates and not a privilege concern.
What to consider before installing
The skill appears to do what it says (generate lesson plans, quizzes, syllabi) and does not request credentials or external services. Before installing: (1) Review the full teacher_kit.py (the provided copy was truncated) to confirm there are no hidden network calls or data-exfiltration routines. (2) Note the README says "Zero dependencies" but the code imports pydantic — ensure the runtime has pydantic or the author updates documentation. (3) If you'll use real student data, confirm the skill does not send content externally (inspect for requests, aiohttp, urllib, socket, or custom endpoints). (4) Prefer running the skill in a sandboxed/dev environment first. If you want, provide the full un-truncated teacher_kit.py and I can re-check for any hidden network or I/O behavior — that would raise confidence from medium to high.

Like a lobster shell, security has layers — review code before you run it.
