Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

quiz-maker (quiz generator)

v1.0.0

Quiz generator. Builds a multiple-choice test from document content (docx, pdf, txt, etc.) and returns a QR code that respondents scan to take the quiz. Trigger phrases: 出题 (set questions), 生成题目 (generate questions), 创建测验 (create a quiz), 云端出题 (generate in the cloud).


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for alsxie/quiz-maker.

Prompt preview: Install & Setup
Install the skill "quiz-maker 出题工具" (alsxie/quiz-maker) from ClawHub.
Skill page: https://clawhub.ai/alsxie/quiz-maker
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install quiz-maker

ClawHub CLI


npx clawhub@latest install quiz-maker

Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name/description: generate multiple‑choice quizzes from documents and deliver a QR code — and the SKILL.md explicitly says "use cloud service" at 118.196.5.240:34100. That capability legitimately requires sending document text to a service. However the package also contains full server code (server.js, upload-handler.js, db.js, deploy/deploy.sh, etc.) but there is no install spec and SKILL.md expects a local helper at ~/.openclaw/quiz-maker/quiz-create.js. Including a server + deployment script is disproportionate for a client-only instruction skill and creates ambiguity about whether you should run a remote service, a local client, or install the bundled server locally.
Instruction Scope
The SKILL.md instructs the agent/user to extract text locally (python docx/PyPDF2 examples) and then run a node script (node ~/.openclaw/quiz-maker/quiz-create.js "<内容>" "<标题>" "<说明>"). That node script is expected to call the cloud service (the skill documents the cloud IP). The instructions require reading arbitrary local documents and then transmitting their text to an externally hosted service (118.196.5.240:34100). The instructions don't provide an install step for the local script, don't document what is transmitted, and don't warn about privacy of uploading full document contents. Parser code (parser.js) uses child_process.execSync to run shell commands (strings | grep | head) as a fallback for PPTX parsing — if file paths or inputs are not properly sanitized this is a potential command‑injection vector.
Install Mechanism
There is no declared install spec in the registry metadata or in SKILL.md, yet the repo includes deploy/deploy.sh, which installs Node.js, nginx and certbot, creates /opt/quiz-maker, writes a systemd unit and configures the service to run as User=root. If executed, that script makes persistent system changes and runs the service as root, a high-privilege action that is unnecessary for simply calling a remote API. The cloud host is a raw IP (118.196.5.240:34100) rather than a well-known release host or domain; a numeric IP is higher risk and harder to validate, and because SKILL.md gives the endpoint as https:// on that bare IP, check how quiz-create.js verifies the server certificate before treating the connection as trustworthy.
Credentials
The skill does not request environment variables or credentials (requires.env is empty) which is appropriate for an API-forwarded quiz generator. However, the package uploads local document contents to a third-party server (hard-coded IP) — even without requiring a key — so the privacy/sensitivity of transmitted data is a concern. No secrets are requested, but the remote endpoint and included server/deploy scripts increase the attack surface.
Persistence & Privilege
The skill metadata does not force 'always' inclusion, but the codebase contains a deploy script that configures a persistent systemd service running as root (User=root). That would give the packaged application long-lived system presence and high privilege if an operator ran deploy/deploy.sh. The presence of such a script in an otherwise instruction-only skill is disproportionate and risky.
What to consider before installing

Key points before installing or running anything from this package:

  • This skill will (per SKILL.md) send extracted document text to an external server at 118.196.5.240:34100. If your documents contain sensitive data, do NOT upload them without confirming the operator, privacy policy and retention practices.
  • The package includes a deploy script that installs system services and runs the server as root. Do NOT run deploy/deploy.sh as root unless you trust the code and the service owner; review server.js, upload-handler.js and quiz-create.js line by line first.
  • The SKILL.md expects a local node script at ~/.openclaw/quiz-maker/quiz-create.js, but the package provides no install instructions; that mismatch is suspicious. Ask the publisher how the client is meant to be installed and why server code is bundled.
  • parser.js uses child_process.execSync with shell pipelines as a fallback for PPTX parsing. If you run the bundled server, inspect how uploaded filenames and paths are validated to avoid command injection.
  • Prefer to: (1) get a named, verifiable domain and an operator contact for the cloud endpoint; (2) run the client code in an isolated environment (container/VM) and inspect its network traffic before sending sensitive documents; (3) if you need an on-premise solution, review and test the server code thoroughly, change the systemd unit to run as a non-root user and follow least-privilege practices.
Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

parser.js:73: Shell command execution detected (child_process).

Like a lobster shell, security has layers — review code before you run it.

latest: vk97csd9sa59qkydh8xzrkz7zp985a2kw
75 downloads · 0 stars · 1 version · Updated 6d ago · v1.0.0 · License: MIT-0

quiz-maker - quiz generation skill

Default behavior

Uses the cloud service to generate the quiz and returns a QR code image.

Invocation flow

1. Extract the document content

# docx (requires the python-docx package)
python3 -c "
from docx import Document
doc = Document('path/to/file.docx')
for p in doc.paragraphs:
    if p.text.strip(): print(p.text)
for t in doc.tables:
    for row in t.rows: print(' | '.join(c.text.strip() for c in row.cells))
"

# pdf (requires the PyPDF2 package)
python3 -c "
import PyPDF2
reader = PyPDF2.PdfReader('path/to/file.pdf')
for page in reader.pages:
    t = page.extract_text()
    if t and t.strip(): print(t.strip())
"

2. Call the cloud API to generate the quiz

node ~/.openclaw/quiz-maker/quiz-create.js "<content>" "<title>" "<description>"

3. Extract the QR code and save it

# Extract the base64 qrImage field from the output JSON and save it as a PNG
python3 -c "
import sys, base64, json
r = json.loads(sys.stdin.read())
b64 = r['qrImage'].replace('data:image/png;base64,', '')
open('output_path.png', 'wb').write(base64.b64decode(b64))
"

4. Verify, then send

file output_path.png  # confirm it really is a PNG before sending

Notes

  • Cloud service address: https://118.196.5.240:34100
  • Content must be at least 50 characters
  • Show the QR code directly to the user

Lessons learned (pitfall log)

  • Do not invent API paths: the JSON returned by create-with-qr already contains qrImage (a base64 PNG); use that field directly instead of calling non-existent endpoints such as /api/quiz/:id/qr
  • Verify the file type first: after saving, confirm with the file command that the file really is a PNG before sending it
