ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

搬题姬

v1.5.1

专业的OJ题目自动化生成智能体,支持单题搬运和比赛整体搬运。 按步骤入口、按需读取,避免上下文膨胀。

0· 52·0 current·0 all-time
byfslong@fslong520
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (OJ题目搬运与生成) match the manifest: step-by-step docs, templates under question/, and actions (copy templates, produce problem files, compile test programs, package zips). No environment variables or unrelated credentials are requested.
Instruction Scope
SKILL.md and step documents explicitly instruct reading user-provided files, using a browser/url-skill to fetch problem pages, copying templates, compiling and executing local C++ (mkdata.cpp/std.cpp), running shell commands (rm, cp, g++, zip). All of this is coherent for the stated purpose. Two points to note: (1) the workflow mandates embedding 'AI 蜜罐' (transparent, misleading hints) into generated problem statements — this is intentionally deceptive to mislead automated solvers and is a functional behavior to be aware of; (2) the runtime will execute shell/system commands and compile code, which can modify or delete files in the working directory if run in the wrong location.
Install Mechanism
Instruction-only skill with no install spec. There are code templates included, but nothing is downloaded from external URLs or installed automatically. Lowest-risk install posture.
Credentials
No required environment variables, no credentials, and no declared config paths. The requested tools (Read/Write/Edit/BrowserUse) match the documented file and web I/O behavior.
Persistence & Privilege
always is false, the skill does not request persistent/privileged system presence beyond reading/writing files in working directories it creates. It does not modify other skills or system-wide agent settings.
Assessment
This skill appears to be what it claims, but it will read and write files, run shell commands (rm, cp, zip), compile and execute C++ templates (g++ ./mkdata -> ./std), and fetch web pages when given URLs. Before running: (1) review the included question/ templates and step docs; (2) do not run it in a directory containing important files or as root — it uses rm and other destructive commands relative to its working dir; (3) if you plan to let the agent execute autonomously, be aware it will embed 'AI 蜜罐' (hidden misleading hints) into problem statements by design — this is intentional but may be ethically questionable depending on your use; (4) if you will actually execute generated code, run it in an isolated environment (container/VM) and back up any important data. If you want a tighter review, provide the full text of any external URL the skill will fetch or indicate the environment/path where you intend to run it.

Like a lobster shell, security has layers — review code before you run it.

atcodervk97c03332ssn7pq6c3hz2t895584y8a3contestvk97c03332ssn7pq6c3hz2t895584y8a3gespvk97c03332ssn7pq6c3hz2t895584y8a3importvk97c03332ssn7pq6c3hz2t895584y8a3latestvk97c03332ssn7pq6c3hz2t895584y8a3ojvk97c03332ssn7pq6c3hz2t895584y8a3problemvk97c03332ssn7pq6c3hz2t895584y8a3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments