ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

搬题姬

v1.7.1

从 OJ 平台搬运题目,生成标准化题目文件包

1· 188·0 current·0 all-time
byfslong@fslong520

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for fslong520/ojimport.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "搬题姬" (fslong520/ojimport) from ClawHub.
Skill page: https://clawhub.ai/fslong520/ojimport
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ojimport

ClawHub CLI

Package manager switcher

npx clawhub@latest install ojimport
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims no required binaries or credentials, but the instructions and bundled code clearly expect g++, zip, grep, and a shell (rm, cp, mkdir, zip, g++ and runtime invocation of ./std). It also expects browser fetch tools (urlgo/WebFetch) though allowed-tools lists only BrowserUse. The mismatch between declared requirements and actual actions is incoherent and should be clarified.
Instruction Scope
SKILL.md directs the agent to fetch arbitrary OJ pages, snapshot and parse them, copy template dirs, compile and run code, generate test data, and read/write files (including using grep/read_file). Those actions are consistent with an OJ-importer, but they allow access to arbitrary external URLs and local filesystem operations (including destructive rm -rf patterns). The skill also prescribes embedding 'AI 蜜罐' (misleading content) into generated problem statements — intentional deception targeted at other AIs but not directly a security risk.
Install Mechanism
No install spec is present (instruction-only skill). That minimizes install-time risk since nothing is downloaded or installed by the skill package itself.
Credentials
The skill declares no environment variables or credentials. That aligns with its stated purpose. However, because it runs shell commands and fetches web pages, it implicitly requires shell/utility availability; the manifest should have listed expected binaries.
Persistence & Privilege
always is false and there is no indication the skill forces persistent presence or modifies other skills. It does instruct writing files under a work/ directory and creating zip packages, which is normal for this functionality.
What to consider before installing
Before installing or running this skill, note these points: - The skill will fetch arbitrary OJ webpages and perform local shell operations (cp, rm, mkdir, g++, zip, grep, execute compiled binaries). Ensure the agent runtime grants these capabilities and that you are comfortable with them. - The package declares no required binaries but expects g++, zip, grep and a shell; confirm those are available and that running them is safe in your environment. - The included mkdata.cpp uses system() to run shell commands and will compile and execute the generated std program; review bundled templates (std.cpp, mkin.h, mkdata.cpp) to ensure they do not execute untrusted input or point to unexpected paths. - The skill embeds intentional 'AI honeytraps' into generated problem statements (misleading hints). That is a design choice (to cause incorrect answers from cheating AIs) — be aware if you plan to publish or share outputs. - Resource risk: test-data generation can create very large test files (large N), potentially consuming CPU, memory, and disk. Run in a controlled environment or with limits. - Ask the author to update the manifest to list required binaries and clarify which browser tools (urlgo/WebFetch/BrowserUse) will be used. If you lack the ability to audit or sandbox its file and process actions, treat the skill cautiously.

Like a lobster shell, security has layers — review code before you run it.

algorithmvk974qfkw68q28yjcs5h90zrh8985dtgvatcodervk974qfkw68q28yjcs5h90zrh8985dtgvcodeforcesvk974qfkw68q28yjcs5h90zrh8985dtgvcontestvk974qfkw68q28yjcs5h90zrh8985dtgvgespvk974qfkw68q28yjcs5h90zrh8985dtgvimportvk974qfkw68q28yjcs5h90zrh8985dtgvlatestvk974qfkw68q28yjcs5h90zrh8985dtgvojvk974qfkw68q28yjcs5h90zrh8985dtgvproblemvk974qfkw68q28yjcs5h90zrh8985dtgv
188downloads
1stars
13versions
Updated 5d ago
v1.7.1
MIT-0
fslong@fslong520
algorithmatcodercodeforcescontestgespimportlatestojproblem
Download

Keywords

OJ题目、搬题、算法题搬运、AtCoder、Codeforces、GESP

Summary

从 OJ 平台搬运题目,生成标准化文件包(题面+标程+数据)。

Strategy

单题搬运

  1. 读取 steps/00-detect-url.md → 检测类型
  2. 初始化:cp -r question work
  3. 获取题面:urlgo 访问 → snapshot → 解析(urlgo不可用时用 BrowserUse/WebFetch)
  4. 读取 steps/03-gesp.md → 判定等级
  5. 读取 steps/04-problem.md → 生成题面
  6. 读取 steps/05-config.md → 写配置
  7. 实现标程 std.cpp
  8. 读取 steps/07-testdata.md → 生成数据
  9. 打包:zip -r problem.zip work

⚠️ 比赛搬运(必须先创建题面汇总文件)

  1. 读取 steps/contest/01-list.md → 创建题面汇总文件 {contest_id}.md
  2. 读取 steps/contest/02-problem.md → 逐题翻译并追加写入汇总文件
  3. 读取 steps/contest/03-move.md → 从文件读取题面,逐题生成完整题包

AVOID

  • AVOID 不读步骤文档就执行
  • AVOID 不按模板格式
  • AVOID 测试数据只写样例
  • AVOID GESP等级乱判
  • AVOID 忘清理 work 目录
  • AVOID PID 格式错误(用小写 abc451a)
  • ⚠️ AVOID 比赛搬运时跳过题面汇总文件,直接逐题搬运
  • ⚠️ AVOID 从对话上下文记忆题面,必须从文件读取

入口

读取 steps/00-detect-url.md

Comments

Loading comments...