ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

中考真题检索

v1.0.0

搜索并下载全国各地中考真题试卷。触发词:中考真题、中考试卷、中考英语、中考数学、中考语文、中考物理、中考化学、真题下载、历年中考、中考备考、中考复习、湖南中考、长沙中考、北京中考、上海中考、各省中考真题下载

0· 37·0 current·0 all-time
by@abill6688

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for abill6688/zhongkao-exam-search.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "中考真题检索" (abill6688/zhongkao-exam-search) from ClawHub.
Skill page: https://clawhub.ai/abill6688/zhongkao-exam-search
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install zhongkao-exam-search

ClawHub CLI

Package manager switcher

npx clawhub@latest install zhongkao-exam-search
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with provided scripts and docs: search.sh builds search queries for known sources, download.py fetches files, verify.py inspects file format/contents. No unrelated credentials, binaries, or config paths are requested. The sources and edge-case notes match the intended purpose.
!
Instruction Scope
SKILL.md limits actions to searching, downloading, verifying, and organizing exam files. However download.py explicitly disables TLS verification (ssl.CERT_NONE / check_hostname=False) which weakens network security and can allow MitM or delivery of malicious payloads; SKILL.md does not warn users about this. The skill also instructs using external tools/skills (web_search, ima-skill, wechat-article-search) which may themselves require credentials or transmit data—those integrations are outside this package and could broaden the data flow.
Install Mechanism
This is instruction-plus-scripts (no install spec). No packages are automatically downloaded by an installer, which lowers risk. It does require runtime tools not provided (python3, optional unar for RAR extraction, and external 'web_search' and IMA upload workflows). Users must install those separately; the lack of an automated install is acceptable but means manual dependency management is needed.
Credentials
The skill declares no environment variables or credentials. That is proportionate to its stated goal. Note: the SKILL.md references using other skills/tools (web_search, ima-skill, wechat-article-search) that may require credentials; those are external to this skill and should be considered separately.
Persistence & Privilege
always:false and no install-time persistence or modification of other skills. The skill does write downloaded files to disk (expected behavior) but does not request persistent elevated privileges or alter other skill configurations.
What to consider before installing
This package appears to implement the advertised search/download/verify workflow, but proceed carefully: - Major technical concern: download.py disables TLS certificate verification (ctx.check_hostname=False; ctx.verify_mode=ssl.CERT_NONE). This makes HTTPS connections vulnerable to MitM and could cause the script to download tampered or malicious files. Before running, remove the bypass so certs are validated, or explicitly document and accept the risk in a secure environment. - Only download and open files from trusted sources. The scripts can fetch arbitrary URLs and write them to disk; a malicious or mistyped URL can deliver executable, archive, or malicious content. - Run first-time runs in a sandboxed environment (VM/container) and inspect downloaded files before opening. Verify.py helps, but it is not a substitute for safe handling of untrusted binaries/archives. - If you will upload materials to an external knowledge base (IMA) or use other search skills, confirm their credential and privacy implications separately—this skill references those workflows but does not provide the integration code. - If you expect to handle RAR files, install unar from a trusted package manager. Avoid running unknown extraction tools from untrusted sources. - Recommended quick code changes: in download.py remove or change the SSL context lines so verification is enabled (use default SSL context without forcing verify_mode=ssl.CERT_NONE and keep check_hostname=True). Consider adding a safelist of allowed hostnames (e.g., files.eduuu.com, zhongkao.com) if you only intend to fetch from known domains. - Legal/ethical note: ensure you have the right to download and redistribute exam materials in your jurisdiction and organization. Given the TLS bypass and the network/file-write behavior, treat this skill as potentially risky until you patch the cert validation and run it in a controlled environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk970mzx6b0zvqq954wma027tkn85q93x
37downloads
0stars
1versions
Updated 12h ago
v1.0.0
MIT-0
@abill6688
latest
Download

中考真题检索 Skill

搜索并下载全国各地中考真题试卷(中考/初中学业水平考试),支持各科、各省、各年份。从多个免费来源自动搜索、下载、验证试卷文件。

工作流程

第1步:明确需求

确认以下信息:

  • 省份/城市:如"湖南长沙"、"北京"、"上海"
  • 科目:语文、数学、英语、物理、化学、道德与法治、历史、地理、生物
  • 年份:如 2021-2025
  • 是否需要答案:含答案 vs 原卷版

第2步:搜索资源

按来源优先级搜索(详见 references/sources.md):

优先级来源适用范围可靠度
1中考网 (zhongkao.com)全科⭐⭐⭐
2中学英语网 (trjlseng.com)仅英语⭐⭐⭐
3第一试卷网 (shijuan1.com)全科⭐⭐
4中学学科网 (zxzyw.cn)全科⭐⭐
5无忧考网 (51test.net)全科
6社交媒体(小红书/微信公众号)全科

搜索方法

# 使用搜索脚本获取各来源的搜索关键词和URL模式
{baseDir}/scripts/search.sh "湖南长沙" "英语" 2024

然后使用 web_search 工具按输出的 query 字段搜索,获取具体下载页面URL。

第3步:下载文件

从中考网下载(找到页面后提取files.eduuu.com下载链接):

# 下载文件
python3 {baseDir}/scripts/download.py \
  "https://files.eduuu.com/ohr/2021/06/22/174543_60d1b147d1e67.rar" \
  "/output/2021年湖南长沙中考英语真题.rar"

解压文件

# ZIP文件
python3 -c "import zipfile; zipfile.ZipFile('文件.zip').extractall('.')"

# RAR文件(需要安装unar: brew install unar)
unar -o /output/dir "文件.rar"

特殊情况(详见 references/edge-cases.md):

  • 全省统一命题:搜索"XX省中考"而非"XX市中考"
  • 只有图片版:逐张下载PNG图片
  • RAR文件:需安装unar

第4步:验证文件(关键步骤,不可跳过!)

# 验证文件的真实性和完整性
python3 {baseDir}/scripts/verify.py \
  "/path/to/2021年湖南长沙中考英语真题.docx" \
  2021 "湖南长沙" "英语"

验证脚本自动检查:

  1. 文件大小(≥50KB)
  2. 文件格式与扩展名一致性
  3. docx内容关键词("考试"、"注意事项"、学科关键词)
  4. 是否为扫描嵌入版
  5. HTML重定向检测(防止下载到登录页)

⚠️ 验证不通过禁止上传到知识库!

第5步:整理与交付

  • 统一文件命名:{年份}年{省份}{城市}中考{科目}真题.{扩展名}
  • 如有答案:{年份}年{省份}{城市}中考{科目}真题(含答案).{扩展名}
  • 记录来源网站和下载链接
  • 如需上传到IMA知识库,使用ima-skill的上传流程

质量红线

级别规则
🔴 禁止用搜索片段拼凑试卷
🔴 禁止上传未经验证的文件
🔴 禁止用AI编造/补全题目内容
🟡 警告扫描嵌入版docx文件较大是正常的
🟡 警告图片版试卷清晰度可能不足

踩坑经验

  • 2024年湖南统一命题:中考网只提供图片版无下载版,免费PDF/DOCX极难获取
  • IMA不支持ZIP:上传ZIP会报错,需逐个文件上传
  • IMA无删除API:上传错误文件需在客户端手动删除
  • 中学英语网:部分资源需要注册登录,但注册免费
  • 中考网移动版:m.zhongkao.com有时比www版更容易获取下载链接

Comments

Loading comments...