ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

高等数学学情数据分析Skill

v1.0.0

基于作业批改数据,提供学生能力画像、班级学情看板及个性化教学建议,助力高等数学教学决策闭环。

0· 15·0 current·0 all-time
bymath@daigxok
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (high-level learning-analytics for calculus) align with the documented functions (dashboards, student profiles, recommendations). There are no unrelated binaries, env vars, or installs declared that conflict with the stated purpose.
!
Instruction Scope
SKILL.md describes generating dashboards and detailed student profiles (including names, IDs, time-spent, trends) and even contains model pseudocode. However it does not specify where assignment data comes from, how it should be supplied, or whether the agent should read files/DBs. Handling of student PII is implied but no privacy, retention, or export rules are given. The examples reference external URLs (placeholder example.com) but there are no instructions about where visualizations are hosted or whether data is transmitted to third parties.
Install Mechanism
Instruction-only skill with no install spec and no code files to be written to disk — lowest install risk. The embedded Python snippets are documentation only and are not installed/executed by the skill itself.
!
Credentials
The skill declares no required credentials or env vars, yet it clearly requires access to student assignment/grade data (sensitive identifiers, time-on-task). There is no declaration of required data connectors, database credentials, or storage locations. This mismatch (no declared data access vs. need to process PII) is a proportionality/privacy gap that should be clarified before use.
Persistence & Privilege
Skill is not set to always:true, has no install steps, and does not request system-wide configuration. It does not request persistent privileges in the manifest.
What to consider before installing
This skill appears to do what it says (student/class analytics) but the SKILL.md omits crucial operational and privacy details. Before installing or enabling it: 1) Ask the maintainer for the data connectors and exact data flow—where do assignment grades, timestamps, and student identifiers come from and what credentials are required? 2) Confirm how/where visualizations and exported data are hosted or uploaded (no placeholders like example.com in real use). 3) Require and verify privacy controls: data minimization, anonymization options, retention policy, and access controls, and ensure compliance with applicable student-data laws/policies. 4) If you must test, run it in an isolated environment with synthetic or anonymized data and audit network traffic to ensure no unexpected exfiltration. 5) Prefer skills with a visible source repo, maintainer contact, and documentation describing authentication and storage; lack of a homepage/source is an additional risk factor.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bxxv1911drbek4zwhkvr3jh84zgg9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments