homework-grade

This skill mostly does what it says, but there are several red flags you should resolve before using it with real student data or credentials: - Undeclared OpenAI usage: The grader reads student code and calls OpenAI via OPENAI_API_KEY, but that key is not declared in the skill metadata and not listed in requirements.txt. Ask the author to declare OPENAI_API_KEY as a required credential and add the openai package to requirements. - External data exfiltration: Student source files are sent to an external AI provider (OpenAI). If student code is sensitive/personal, obtain consent or avoid sending it externally. - Executing untrusted code: The skill runs student .py files with subprocess.run. This can run arbitrary malicious code. Only run in an isolated, ephemeral sandbox/container with no sensitive network/filesystem access. - Unsafe zip extraction: zip_ref.extractall is used without sanitizing paths (zip-slip). Ensure filenames are sanitized or extract inside a strict sandbox. - Missing templates/resources: template_manager returns templates/assignment_{id}, but no templates are bundled. Confirm where templates come from and ensure they are trustworthy. Recommended actions before installing or running: 1) Require the author to update skill.yaml to declare OPENAI_API_KEY and add openai to requirements.txt; document that student code will be sent to OpenAI. 2) Run the skill in a locked-down container or VM (no network or limited network) until you validate behavior. 3) Inspect or provide the templates directory, and consider local-only grading if you cannot allow external AI calls. 4) Patch code to validate zip entries and avoid path traversal; do not run student code on the host—use sandboxing/time/resource limits and consider static analysis instead of execution. 5) If you must use it, use a throwaway QQ account and rotate its auth code afterwards. Given these gaps and risky behaviors, treat the skill as suspicious until the author addresses the above points.