AP Classroom Agent
WarnAudited by ClawScan on May 18, 2026.
Overview
This skill controls a logged-in AP Classroom browser to answer and submit coursework, but its account-session access and automatic submission behavior are not tightly bounded or confirmed.
Review carefully before installing. Only use it if you are comfortable giving the skill control over a logged-in AP Classroom browser, and consider that it may submit coursework, affect grades, and violate school or platform rules. If used, run it in a separate Chrome profile, keep the remote-debugging port open only while needed, manually verify answers, and do not allow automatic submission without explicit confirmation.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can act as the logged-in student account and affect coursework or grades, and the browser session authority is broader than the registry's declared credentials indicate.
The skill instructs the user to enable remote debugging on an authenticated Chrome session, allowing the scripts to act with the user's College Board login rather than a narrowly scoped credential.
"使用当前已登录的浏览器。" ... "--remote-debugging-port=9223" ... "在浏览器中手动登录 College Board 账号。"
Use a separate Chrome profile with only the intended AP Classroom session, close the debugging port after use, and require explicit user approval for any account-changing action.
It could irreversibly submit a quiz or click a submit/confirm control on the wrong open page, affecting grades or other account state.
The submission script controls the first browser tab and force-clicks Submit and confirmation buttons without validating that the page is the intended AP Classroom quiz or asking for an in-script confirmation.
const page = context.pages()[0]; ... const submitBtn = await page.$('button:has-text("Submit")'); ... await submitBtn.click({ force: true }); ... await confirmBtn.click({ force: true });Add strict URL/domain and assignment checks, show the exact quiz to be submitted, and require an explicit typed confirmation before clicking Submit or Confirm.
A user may believe the skill will correctly complete assignments, while it may instead submit arbitrary or wrong answers that can harm academic results.
The advertised automation can submit quizzes, but the included automatic answer logic is a placeholder that selects the first option unless edited, which is a major hidden tradeoff for users expecting reliable answers.
"在 answerQuestion() 函数中添加答题逻辑" ... "示例:选择第一个选项" ... "const answerIndex = 0;" ... "📤 提交测验..."
Clearly label auto-answering as unfinished or unsafe by default, disable automatic submission in complete-quiz.js, and require users to review each answer before any submission.
Course names, assignment details, questions, answers, or user information may remain on disk after use.
The skill saves screenshots of quiz/question pages locally; related scripts also save course and homework JSON files, which may contain private educational information.
await page.screenshot({ path: 'current-question.png', fullPage: true });Store outputs in a clearly disclosed folder, provide cleanup instructions, and avoid saving screenshots unless the user requests them.
Users may try to run missing or separately obtained helper scripts that were not part of this review.
The package references launcher/helper files that are not present in the provided manifest, and one command bypasses PowerShell execution policy; this is a packaging/provenance gap rather than direct malicious behavior.
"start": "start.bat", "ui": "powershell -NoExit -ExecutionPolicy Bypass -File task-manager.ps1"
Publish a complete manifest, include all referenced launcher files, avoid unnecessary execution-policy bypasses, and pin dependencies where possible.