Tianshu Mistake Sheet
AdvisoryAudited by VirusTotal on Mar 21, 2026.
Overview
Type: OpenClaw Skill Name: tianshu-mistake-sheet Version: 1.0.0 The skill is a straightforward utility for generating Markdown-formatted mistake tracking tables for students. The core logic in `scripts/mistake_sheet.js` simply parses local text input or files and outputs a formatted table to stdout without any network activity, sensitive data access, or obfuscated code.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run a local JavaScript helper; if the relative example is run from an unexpected directory, it could fail or run an unintended same-named file.
The workflow runs a local Node script, which is expected for this utility. The second example uses a relative path, so users should ensure the intended included script is the one being executed.
node ~/.openclaw/skills/tianshu-mistake-sheet/scripts/mistake_sheet.js --template --rows 15 ... node scripts/mistake_sheet.js --file mistakes.txt
Use the installed skill path when invoking the helper, especially for `--file` imports.
If an unintended private file is passed to `--file`, its contents could be placed into the generated output or agent context.
The helper reads whichever local file path is supplied with `--file` and prints parsed Markdown output. This is aligned with importing mistake entries, but the file choice should be deliberate.
const p = path.resolve(o.file); ... return fs.readFileSync(p, 'utf-8').split(/\r?\n/);
Pass only the intended mistake-list text file, and ask the agent to confirm the file path before running if the path is ambiguous.