ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

超星作业自动批改

v1.0.0

自动登录超星学习通,智能识别未批改主观题并调用通义千问AI完成评分及成绩自动提交。

0· 201·0 current·0 all-time
by@chenghaozhangswu

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chenghaozhangswu/chaoxing-auto-grade.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "超星作业自动批改" (chenghaozhangswu/chaoxing-auto-grade) from ClawHub.
Skill page: https://clawhub.ai/chenghaozhangswu/chaoxing-auto-grade
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install chaoxing-auto-grade

ClawHub CLI

Package manager switcher

npx clawhub@latest install chaoxing-auto-grade
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the code and instructions: Playwright automation to log into Chaoxing, find unreviewed assignments, call an Aliyun '通义千问' text-generation endpoint to score subjective answers, and submit scores. Required inputs (Chaoxing username/password and an Aliyun API key) are consistent with that purpose.
Instruction Scope
SKILL.md and README instruct the user to edit config.json with username/password/apiKey and to run npm install + playwright install then run the provided Playwright test. The runtime instructions and script read only config.json and interact with the Chaoxing web UI and the Aliyun endpoint. Important privacy-related behavior: student answers are sent to dashscope.aliyuncs.com (Aliyun) for scoring — this is expected for the feature but is a privacy/data‑exfiltration risk the user should be aware of.
Install Mechanism
No packaged install spec in skill metadata (instruction-only), but the README instructs running npm install and 'npx playwright install chromium', which will download packages and browser binaries to disk. This is standard for Playwright-based tools but means code and browser binaries will be written/executed locally; review dependencies and run in a controlled environment.
Credentials
The skill asks only for the Chaoxing username/password and an Aliyun API key via config.json (declared in skill.json). Those credentials are proportional to the described function. Caveats: credentials and student answers are stored/transmitted in plaintext (config.json and HTTPS requests using the API key); users should avoid reusing high‑privilege credentials and consider separating/testing with throwaway accounts and scoped API keys.
Persistence & Privilege
Skill is not marked always:true and does not request persistent system privileges. It runs as a user-initiated Playwright script; it does not modify other skill configs or attempt broad system changes in the inspected portion.
Assessment
This skill appears coherent with its stated purpose, but before installing/running: 1) Review the entire script (the provided file was truncated in the review input) to confirm no hidden network endpoints or extra behavior. 2) Be aware that student answers will be sent to Aliyun's AIGC endpoint — check privacy, legal, and institutional policies before transmitting student data. 3) Do not put production/high‑privilege Chaoxing or Aliyun credentials in plain config.json; use a dedicated account and API key with minimal permissions and monitor usage to control cost. 4) Run the tool in a controlled/local environment (not on a shared machine), inspect network traffic if possible, and rotate/revoke keys after testing. 5) Confirm that automating grading and auto-submission does not violate Chaoxing/your institution's terms of service or academic integrity rules.

Like a lobster shell, security has layers — review code before you run it.

latestvk973me243c3gc70a950z55gyah837wzs
201downloads
0stars
1versions
Updated 20h ago
v1.0.0
MIT-0
@chenghaozhangswu
latest
Download

Chaoxing Auto Grade

超星(学习通)作业自动批改技能。使用 Playwright 自动化 + 通义千问 AI 进行主观题智能评分。

功能

  • 🔐 自动登录学习通
  • 📚 根据课程名选择课程
  • 📝 自动找到未批改的作业
  • 🤖 AI 智能评分(通义千问 API)
  • ✅ 自动提交成绩
  • 📄 支持翻页处理多个作业

配置

修改 config.json

{
  "username": "你的学习通账号",
  "password": "你的学习通密码",
  "courseName": "课程名称(留空选第一个)",
  "apiKey": "通义千问 API Key",
  "model": "qwen-plus",
  "minScore": 60,
  "maxScore": 99,
  "chromePath": ""
}

使用

cd scripts
npm install
npx playwright install chromium
npx playwright test auto-grade.spec.js --headed

获取 API Key

  1. 访问 阿里云百炼
  2. 开通通义千问服务
  3. 创建 API Key

Comments

Loading comments...