交互式教学网页生成器
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: teach-gen Version: 1.0.0 The teach-gen skill is a legitimate utility designed to convert educational content into interactive HTML pages. The implementation in index.js performs standard file reading and writing operations to generate a standalone HTML file, utilizing reputable CDNs (jsdelivr) for math rendering and animations. No indicators of data exfiltration, malicious command execution, or prompt injection were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Opening the generated HTML may contact a public CDN and run code supplied by that CDN.
The generated HTML loads JavaScript from jsdelivr CDN. This is purpose-aligned for formula rendering and animation, but it means generated pages are not fully offline/self-contained and rely on third-party scripts.
<script src="https://cdn.jsdelivr.net/npm/katex@0.16.9/dist/katex.min.js"></script> ... <script src="https://cdn.jsdelivr.net/npm/animejs@3.2.1/lib/anime.min.js"></script>
Use this skill where CDN loading is acceptable, or modify the output to bundle trusted local copies with integrity checks if offline or high-assurance use is needed.
A malicious or untrusted lesson file could cause unwanted HTML or JavaScript to run in the generated page.
Input lines are inserted directly into the generated HTML without escaping. If a source lesson contains HTML or script content, that content may become active when the generated page is opened.
html += `<p>${line}</p>`;Only generate pages from trusted teaching materials, or add HTML escaping/sanitization before publishing or opening generated files from untrusted sources.