v0.1.0

Ai Exam 授客AI智能考试

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:24 AM.

Analysis

The skill matches its exam-management purpose, but it needs organization credentials and can upload documents, create exams, and assign them to many users, so it should be reviewed carefully before installation.

GuidanceReview this skill before installing. Confirm the API base URL is trusted, use least-privilege app credentials, avoid uploading unintended local files, and require a preview/confirmation before creating or assigning exams to users or departments.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

index.js

const deptUsers = await apiClient.request('GET', '/oa/departmentUser/list', null, { dept_id: deptId, page_size: 100 }); ... assignUserIds.push(...deptUserIds); ... await examService.assignExam(examInfo.uuid, assignUserIds, [], ...)

A department name can be expanded into up to 100 member user IDs and then assigned an exam in the same flow. The artifacts do not show an approval, preview, or rollback step before this bulk account mutation.

User impactA mistaken department name or agent action could assign an exam to many unintended users.

RecommendationAdd a dry-run/preview mode, require explicit user confirmation before assignment, show the exact resolved users/departments, and provide a clear unassign or rollback workflow.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

exam-service.js

formData.append('file', fs.createReadStream(filePath)); ... const result = await apiClient.request('POST', '/ai/uploadFiles', formData);

The skill reads a local file path and uploads the file to the AI exam service. This is expected for document-based exam generation, but the code does not enforce file type, path, or size limits.

User impactIf given the wrong path, the skill could upload a local document the user did not intend to share.

RecommendationOnly provide intended training/exam documents, and consider adding path allowlists, file-type checks, size limits, and an upload confirmation step.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

package.json

"dependencies": { "axios": "^1.6.0", "dotenv": "^17.3.1", "form-data": "^4.0.0" }

The skill depends on npm packages using semver ranges. This is common for Node projects, but without pinned versions or a lockfile, future installs can resolve different package versions.

User impactA later install may use dependency versions different from those reviewed here.

RecommendationPin dependency versions and include a lockfile for reproducible installation.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

api-client.js

const params = { app_key: config.appKey, app_secret: config.appSecret, corpid: config.corpId }; ... const response = await axios.get(url, { params }); ... params: { ...params, access_token: token }

The skill obtains and uses an access token from organization app credentials, and it places credentials/tokens in request parameters. The registry metadata does not declare required credentials or environment variables, so the privileged account access and destination are under-disclosed.

User impactInstalling and using this skill may give it access to create exams, assign users, and read exam results in an organization account; leaked or misdirected tokens could affect that account.

RecommendationDeclare the required credentials and BASE_URL explicitly, use a fixed or allowlisted HTTPS API endpoint, avoid placing secrets in URLs if the API supports safer headers/body fields, and grant the app only the minimum permissions needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

index.js

console.log(`  最后得分: ${examInfo.last_score}`); ... console.log(`  通过状态: ${examInfo.pass_status === 'passed' ? '✓ 已通过' : '✗ 未通过'}`); ... return examInfo;

The skill retrieves, logs, and returns student exam-result data. This is purpose-aligned, but those results may be sensitive educational or employee-training records.

User impactStudent names, scores, pass/fail status, and related exam details may appear in agent output, logs, or conversation context.

RecommendationUse the skill only in appropriate contexts, avoid sharing outputs broadly, and redact or minimize student result data when it is not needed.