ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

职业技能个性学习路径生成

v2.4.1

根据输入的职业技能标准文档,输出基于知识图谱的三层学习路径规划。适用于职业技能学习、职业资格认证学习。本技能以中国国内职业技能为目标,参考资源为国内官方资源。详细说明见 references/README.md

0· 114·0 current·0 all-time
byzpwang@live.cn@wzp2026

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wzp2026/learning-path-builder.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "职业技能个性学习路径生成" (wzp2026/learning-path-builder) from ClawHub.
Skill page: https://clawhub.ai/wzp2026/learning-path-builder
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install learning-path-builder

ClawHub CLI

Package manager switcher

npx clawhub@latest install learning-path-builder
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
名字与描述(基于职业标准构建知识图谱与学习路径)与包含的脚本和工作流一致:脚本用于提取PDF文本、构建KG、从国内权威/参考站点验证内容(如百度百科、国家站点、慕课平台)。没有请求与目的不符的凭证或外部服务。
Instruction Scope
SKILL.md 明确描述了运行流程(提取PDF→解析章节→增量写入/tmp→多格式导出→来源验证并发送会话进度)。这与代码一致。但 SKILL.md 明确要求使用 `pdftotext` 提取全文,而 registry metadata 列出的“必需二进制/环境变量”为空——这是一个不一致(运行时可能失败)。此外,工作流程没有硬性超时且会进行网络检索/抓取(百度百科、政府/慕课站点),会产生外部网络流量并可能耗时较长;SKILL.md 要求通过“当前会话发送进度通知”,意味着运行时会反复输出中间结果。
Install Mechanism
包是 instruction-only(没有安装规范),但包含多个 Python 脚本(scripts/)。没有声明需要的运行时(如 Python 版本、PyYAML 等第三方库)或系统工具(pdftotext)。脚本大部分使用标准库 urllib/json/re/re,但部分脚本导入了 yaml(需要 PyYAML)。没有从不可信 URL 下载依赖或执行远程二进制,这降低了直接供应链风险,但缺乏明确依赖声明会导致运行失败或意外行为。
Credentials
技能未要求任何环境变量、凭证或配置路径,这与其以公开权威资源为主的设计一致。脚本会进行公开网站抓取(baike、gov、mooc),但不要求敏感凭据或访问其它技能的配置。
Persistence & Privilege
flags 中没有 always:true,也未声明要修改其他技能或系统范围配置。脚本写入 /tmp 和输出目录文件,但这属于本技能自身的正常产物,未表现出对系统持久化或跨技能权限的请求。
What to consider before installing
Things to consider before installing and running: - Missing runtime/dependency declarations: SKILL.md and scripts expect tools/libraries that are not declared in metadata. Ensure your environment provides: a suitable Python 3 runtime, PyYAML (yaml), and the pdftotext binary (poppler-utils) if you plan to process PDFs. Without these the skill may fail or behave unexpectedly. - Network access and scraping: the code actively fetches content from public Chinese sites (baike.baidu.com, osta.org.cn, openstd.samr.gov.cn, icourse163.org, etc.). Confirm you allow outbound HTTP(S) from the agent environment and consider rate limits / terms of service for those sites. - Long-running, no hard timeout: the SKILL.md states “no hard timeout” and incremental file writes and progress notifications; run it in a controlled/sandboxed environment to avoid runaway jobs or unexpected resource use. - File writes: the skill writes temporary files to /tmp and produces outputs in an output_dir; review these outputs and ensure sensitive documents are not unintentionally uploaded. - Legality/ToS: automated scraping of sites (e.g., Baidu Baike) may conflict with site terms of service—review before wide use. - Audit the scripts: although I saw no hidden external command-and-control endpoints, you should review scripts (especially truncated/omitted files) for any hardcoded or obfuscated endpoints before granting broader permissions. - If you need stricter safety: run the skill in an isolated container/VM with limited network access, install only required dependencies, and review logs/output files. If you want to prevent autonomous runs, keep model invocation controlled (disable autonomous invocation in your agent policy).

Like a lobster shell, security has layers — review code before you run it.

latestvk976mgmeyrxc8g5j62q4pxxcnd85b955
114downloads
0stars
2versions
Updated 6d ago
v2.4.1
MIT-0
zpwang@live.cn@wzp2026
latest
Download

学习路径构建器 v2.4.0

核心功能

输入职业技能标准文档(如PDF)→ 输出三层知识图谱(JSON/CSV/JSON-LD格式)

核心设计:L1大领域 → L2模块 → L3叶节点,每节点0.5学时,来源标注(权威/参考/推断)

工作流程

第零步:检测多方向标准(如有人工智能5个方向则推荐默认方向)
第一步:提取PDF文本 → 写入 /tmp/kg_pdf_text_{job_id}.txt
第二步:动态提取L1职业功能领域(从原文结构,非固定4个框)
第三步:逐域构建L2/L3节点 → 增量写入 /tmp/kg_progress_{job_id}.json
第四步:生成 JSON + CSV(nodes/edges) + JSON-LD
第五步:生成来源说明文档 + 质量检查
每步完成后通过当前会话发送进度通知

核心原则

  1. 权威资源优先:osta.org.cn、openstd.samr.gov.cn、教育部/工信部/中国大学MOOC
  2. 搜索优先:先搜索权威来源,找不到再用参考来源,最后才推论
  3. 来源标注:每个节点标注 ✅权威 / ⚠️参考 / 🤖推断
  4. 动态L1:L1领域从PDF标准原文的职业功能结构动态提取,非固定框架

多方向标准处理

检测到多方向标准时(如人工智能工程技术人员5个方向):

  1. 分析各方向的学习热度、材料丰富度、应用前景
  2. 生成推荐报告,提供默认推荐
  3. 学习者未选择时使用默认方向

详细示例见 references/README.md

输出格式

每次构建同时生成4个文件:

  • {name}_kg.json — 主JSON
  • {name}_kg_nodes.csv — 节点表(Excel可打开)
  • {name}_kg_edges.csv — 关系表
  • {name}_kg.jsonld — JSON-LD开放格式

超时策略

  • 不设硬性超时,任务完整执行
  • 每步结果写文件,失败可从该步骤续接
  • references/ 目录包含详细说明文档,按需加载

详细说明:references/README.md 作者:Wang Zhipeng | 更新:2026-04-21 14:13

Comments

Loading comments...