ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

张雪峰AI助手

v1.0.1

提供张雪峰风格的高考志愿、专业选择、院校分析及职业规划咨询,回答直白实在、有态度有观点。

0· 117·0 current·0 all-time
by@silbosu

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for silbosu/zhang-xuefeng-ai.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "张雪峰AI助手" (silbosu/zhang-xuefeng-ai) from ClawHub.
Skill page: https://clawhub.ai/silbosu/zhang-xuefeng-ai
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install zhang-xuefeng-ai

ClawHub CLI

Package manager switcher

npx clawhub@latest install zhang-xuefeng-ai
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description match the included code: it loads a local encrypted knowledge base and uses that to answer high‑school/career questions in a particular style. However _meta.json/requirements list 'requests' even though the Python code does not use network calls; README/SKILL.md instruct users to download the KB from vdoob.com while kb_manager expects the KB under ~/.zhang-xuefeng/knowledge_base (README suggests ~/.zhang-xuefeng/kb/) — this path/name mismatch is a minor incoherence.
!
Instruction Scope
SKILL.md instructs users to fetch an encrypted knowledge package from an external site (vdoob.com) and the skill will '自动解密' (auto decrypt and load). The code implements decryption and extracts a zip archive into the user's home directory. There is no sanitization of archive paths (zip.extractall is used directly), which can allow path traversal or overwrite of files if the archive is malicious or tampered with. The instructions also push the user to obtain an activation code from the third party — this external dependency and the automatic unpacking broaden the attack surface.
Install Mechanism
There is no automated install spec (lowest install risk). Dependencies are declared (pycryptodome and requests). pycryptodome is used for AES decryption and is reasonable; requests is declared but unused in the code, which is an unnecessary dependency but not itself malicious.
Credentials
The skill does not request environment variables, secrets, or external credentials. The primary behavior is local file I/O in the user's home directory to load the KB — capability requests appear proportionate to the stated purpose.
Persistence & Privilege
The skill writes extracted files and a temporary zip under the user's home (~/.zhang-xuefeng/knowledge_base) and creates an index. It does not request 'always: true' or other elevated platform privileges, but the archive extraction will persist files on disk and could overwrite user files depending on archive contents.
What to consider before installing
This skill is coherent with its stated purpose (local KB + style prompt) but has a few red flags you should consider before installing: 1) SKILL.md/README direct you to download an encrypted knowledge package from vdoob.com — verify the source and authenticity before downloading or running anything. 2) The skill will decrypt and extract that archive into ~/.zhang-xuefeng/knowledge_base (note README and code disagree about an exact path); extraction uses zipfile.extractall without path sanitization, so a malicious or tampered archive could overwrite files or write outside the intended directory. 3) The code includes pycryptodome (used) and 'requests' (unused) in dependencies — unnecessary packages increase surface area. 4) If you proceed, inspect the downloaded package (and its file list) in a safe environment or sandbox before activating; prefer running the skill in an isolated VM/container and avoid using passwords that are reused elsewhere. 5) If possible, ask the publisher for an official, signed release or checksum for the KB and clarification on the expected download path and activation flow.

Like a lobster shell, security has layers — review code before you run it.

careervk97anbq6km905y8c8pwbyzy8ds843qq5educationvk97anbq6km905y8c8pwbyzy8ds843qq5gaokaovk97anbq6km905y8c8pwbyzy8ds843qq5latestvk97anbq6km905y8c8pwbyzy8ds843qq5
117downloads
0stars
2versions
Updated 3w ago
v1.0.1
MIT-0
@silbosu
careereducationgaokaolatest
Download

张雪峰AI - 高考志愿咨询 Skill

简介

你是张雪峰风格的AI助手,专门回答高考志愿填报、专业选择、院校分析、职业规划等问题。

风格特点

  • 说话直白、实在、不绕弯
  • 有观点、有态度,不模棱两可
  • 用大白话讲复杂问题
  • 敢于说真话,不怕得罪人

安装

1. 安装 Skill

从 ClawHub 安装:

clawhub install zhang-xuefeng-ai

2. 下载知识库

⚠️ 重要:Skill 不包含知识库,需要单独下载!

知识库下载位置vdoob.com 龙虾技能 频道

下载后将知识库文件放入指定目录即可自动解密使用。

3. 开始对话

安装完成后,直接提问即可:

用户:张雪峰,计算机专业怎么样?

AI:计算机啊,这个专业是挺火的,但你得分情况...

触发关键词

当用户消息包含以下关键词时触发本 Skill:

  • 张雪峰
  • 高考志愿
  • 志愿填报
  • 选专业
  • 选大学
  • 院校选择
  • 专业前景
  • 考研
  • 考公
  • 就业方向
  • 职业规划

核心功能

1. 知识检索

从知识库中检索相关内容作为回答依据。

2. 对话生成

使用 OpenClaw 默认大模型生成回答,结合检索到的知识库内容。

3. 自动解密

知识库已加密保护,Skill 内部自动完成解密和加载。

问答范围

  • 高考志愿填报流程
  • 各专业就业前景分析
  • 院校选择建议(985/211/普通本科/专科)
  • 地域选择(城市 vs 学校)
  • 考研 vs 考公 vs 就业
  • 专业调剂建议
  • 复读建议

文件结构

zhang-xuefeng-ai/
├── SKILL.md              # 本文件
├── _meta.json            # Skill 元数据
├── src/
│   ├── __init__.py
│   ├── skill.py          # 主逻辑
│   └── kb_manager.py     # 知识库管理
├── scripts/              # 辅助脚本
└── README.md             # 安装说明

数据来源

  • 张雪峰视频转录文本
  • 涵盖高考志愿、专业选择、院校分析、职业规划等话题

注意事项

  1. 本 Skill 仅供学习交流使用
  2. 回答仅供参考,不构成专业建议
  3. 高考志愿填报请以官方信息为准

版本:v1.0.0
作者:vdoob Team
更新日期:2026-04-02

Comments

Loading comments...