ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

学分查询技能

v0.0.2

学分查询技能

0· 71·0 current·0 all-time
by@bc96

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for bc96/score-query.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "学分查询技能" (bc96/score-query) from ClawHub.
Skill page: https://clawhub.ai/bc96/score-query
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: ffmpeg
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install score-query

ClawHub CLI

Package manager switcher

npx clawhub@latest install score-query
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name/description and code implement a local student-score query using a bundled JSON file — nothing in the code or README needs ffmpeg. However the SKILL.md/README metadata declares a required binary: ffmpeg. Requiring ffmpeg is unrelated to a score-query skill and is disproportionate/unexplained.
Instruction Scope
The SKILL.md instructions are minimal and the runtime code's behavior is clear: parse the input, read the local database (database/scores.json), and return scores. The instructions/code do not reference other system files, environment variables, network endpoints, or exfiltration.
Install Mechanism
There is no install spec (instruction-only), which limits installation risk. However the package includes code files (index.js and database JSON). No install-time downloads or extract operations are declared. This is low-risk, but the presence of code means users should still review it before running.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate to the stated purpose. The only oddity is the declared required binary (ffmpeg) in metadata despite no use of it in code; this does not involve secrets but is an unexplained external dependency.
Persistence & Privilege
The skill does not request persistent/always-on presence (always is false), does not modify other skills or system-wide settings, and only reads its own bundled JSON file. No elevated privileges are requested.
What to consider before installing
This skill's code implements a simple local lookup of student scores from a bundled JSON file and does not request secrets or network access, which is low-risk. However the SKILL.md/README declare ffmpeg as a required binary even though the code never uses it — ask the author why ffmpeg is required before installing or running. Recommended actions: (1) Inspect the included files yourself (index.js and database/scores.json) — they are short and readable. (2) If you will run the skill, do so in a sandbox/container if you cannot confirm the ffmpeg requirement. (3) Request clarification or a corrected metadata/manifest from the publisher (remove ffmpeg if unnecessary). (4) Note the minor metadata/version inconsistencies (package.json vs module metadata) as indicators of sloppy packaging; prefer a well-documented source or repo before trusting widely.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎵 Clawdis
Binsffmpeg
latestvk971fr2066pn0eeaxm9h8dxnq584za6n
71downloads
0stars
2versions
Updated 1w ago
v0.0.2
MIT-0
@bc96
latest
Download

学分查询技能

技能概述

  • 技能名称: 学分查询
  • 技能版本: 0.0.2
  • 技能描述: 用于查询学生各科目成绩的OpenClaw技能
  • 作者: bc96

功能列表

功能说明
查询单科成绩根据姓名和科目查询特定成绩
查询全部成绩查询某学生的所有科目成绩
科目名称转换支持口语化转标准科目名

支持的查询模式

单科成绩查询

Comments

Loading comments...