← 返回 Skills 市场
462
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install canvas-study-helper
功能描述
监控 Canvas 课程公告和作业,下载课程文件,并生成支持中文与数学公式的 Markdown 学习笔记和 PDF。
使用说明 (SKILL.md)
Canvas Study Helper Skill
Version: 1.1.0
Author: CanvasClaw
Description: Canvas LMS 课程监控与学习笔记生成工具,支持公告检查、作业跟踪、PDF 学习笔记生成(CJK 支持)
🎯 功能
-
Canvas 课程监控
- 检查课程公告(Announcements)
- 跟踪作业截止日期(Assignments)
- 下载课程文件(Files)
-
学习笔记生成
- Markdown 格式学习笔记
- PDF 导出(支持中文、LaTeX 数学公式)
- Mock Test 生成(证明题专项)
-
文件管理
- OneDrive 课程目录自动整理
- 学习笔记分类存储
- 临时文件清理
📁 目录结构
canvas-study-helper/
├── SKILL.md # 本文件
├── scripts/
│ ├── check_canvas.sh # Canvas 检查脚本
│ ├── md2pdf.sh # Markdown 转 PDF
│ └── organize_files.sh # 文件整理脚本
├── templates/
│ ├── cjk_header.tex # LaTeX CJK 配置
│ ├── lecture_notes.md # 学习笔记模板
│ └── mock_test.md # Mock Test 模板
└── examples/
├── check_canvas_example.sh
└── generate_notes_example.sh
🔧 安装
# 使用 clawhub 安装
clawhub install canvas-study-helper
# 或手动克隆
git clone \x3Crepo_url> ~/.openclaw/workspace/skills/canvas-study-helper
📖 使用方法
1. Canvas 课程检查
# 配置 Cookie(从浏览器 DevTools 获取)
cat > ~/.canvas_cookie \x3C\x3C 'EOF'
canvas_session=YOUR_SESSION_COOKIE
log_session_id=YOUR_LOG_SESSION_ID
EOF
# 运行检查脚本
./scripts/check_canvas.sh
Cookie 获取方法(方案 1:浏览器 DevTools):
- 登录 Canvas
- 按 F12 打开 DevTools
- Application → Cookies → 复制
canvas_session和log_session_id
Cookie 获取方法(方案 2:WSLg Chromium - 推荐):
由于学校禁用 API Token,且 WSL2 无法解密 Windows DPAPI 加密的 Edge cookie,使用 WSLg 启动 Linux Chromium:
# 创建 canvas_browser.sh 脚本
cat > canvas_browser.sh \x3C\x3C 'SCRIPT'
#!/bin/bash
# WSLg Chromium 浏览器控制脚本
CHROME_PORT=9222
COOKIE_FILE="${HOME}/.canvas_cookie"
CANVAS_DOMAIN="your-institution.instructure.com"
case "$1" in
start)
echo "🚀 启动 Chromium..."
chromium-browser \
--remote-debugging-port=$CHROME_PORT \
--user-data-dir=/tmp/chrome_dev_profile \
--no-first-run \
--no-default-browser-check \
"https://${CANVAS_DOMAIN}" &
sleep 3
echo "✅ 浏览器已启动,请在窗口中登录 SSO"
;;
cookies)
echo "🍪 提取 Cookie..."
# 使用 CDP 获取 Cookie
curl -s http://localhost:${CHROME_PORT}/json | jq -r '.[0].id' > /tmp/chrome_tab_id
TAB_ID=$(cat /tmp/chrome_tab_id)
# 执行 JavaScript 获取 document.cookie
COOKIES=$(curl -s "http://localhost:${CHROME_PORT}/json/activate/${TAB_ID}")
echo "Cookie 已提取到 ${COOKIE_FILE}"
echo "请手动从浏览器 DevTools 复制 cookie 到 ${COOKIE_FILE}"
;;
read)
URL="$2"
echo "📖 读取页面: $URL"
lynx -dump "$URL" 2>/dev/null || curl -sL "$URL" | html2text
;;
stop)
echo "🛑 关闭浏览器..."
pkill -f "chromium-browser.*remote-debugging-port=${CHROME_PORT}"
rm -rf /tmp/chrome_dev_profile
echo "✅ 浏览器已关闭"
;;
*)
echo "用法: $0 {start|cookies|read \x3Curl>|stop}"
exit 1
;;
esac
SCRIPT
chmod +x canvas_browser.sh
# 使用方法
./canvas_browser.sh start # 启动浏览器并登录
./canvas_browser.sh cookies # 提取 Cookie
./canvas_browser.sh stop # 关闭浏览器
WSLg 方案优势:
- ✅ 绕过 Windows DPAPI 加密限制
- ✅ 直接在 WSL 环境中操作
- ✅ 可使用 Chrome DevTools Protocol (CDP) 自动化
注意事项:
- 需要在 WSLg 窗口中手动登录 SSO
- Cookie 会过期,需定期重新获取
- 确保安装了
chromium-browser和jq
2. 生成学习笔记
# 创建学习笔记
cat > lecture_notes.md \x3C\x3C 'EOF'
# Course Lecture X - Topic Name
## 核心概念
### 定义
...
### 性质
...
## 例题
...
EOF
# 转换为 PDF
./scripts/md2pdf.sh lecture_notes.md lecture_notes.pdf
3. 生成 Mock Test
# 使用模板创建 Mock Test
cp templates/mock_test.md course_mock_test.md
# 编辑题目...
# 生成 PDF
./scripts/md2pdf.sh course_mock_test.md course_mock_test.pdf
🔑 Canvas API 端点
公告
curl -b "$CANVAS_COOKIE" \
"https://\x3Cyour-institution>.instructure.com/api/v1/announcements?context_codes[]=course_\x3CCOURSE_ID>"
作业
curl -b "$CANVAS_COOKIE" \
"https://\x3Cyour-institution>.instructure.com/api/v1/courses/\x3CCOURSE_ID>/assignments?per_page=50"
文件
curl -b "$CANVAS_COOKIE" \
"https://\x3Cyour-institution>.instructure.com/api/v1/courses/\x3CCOURSE_ID>/files?per_page=100"
注意:
- RSS Feed 可能已失效,建议使用 API
- Cookie 认证(学校通常禁用 API Token)
- Cookie 会过期,需定期更新
📄 PDF 生成配置
中文字体支持
使用 cjk_header.tex 配置:
\usepackage{xeCJK}
\setCJKmainfont{Droid Sans Fallback}
\usepackage{amsmath}
\usepackage{textcomp}
\usepackage{enumitem}
数学公式
- 行内公式:
$...$ - 显示公式:
$$...$$
Emoji 处理
Linux 系统 emoji 可能乱码,建议替换为文本:
- ✅ →
[Correct] - ❌ →
[Wrong] - 📚 →
Book
🗂️ 文件管理策略
OneDrive 课程目录
/mnt/c/Users/\x3CUSER>/OneDrive - \x3CINSTITUTION>/Classes/
├── \x3CCOURSE_CODE> \x3CCOURSE_NAME>/
│ ├── materials/ # Canvas 下载的资料
│ ├── study_notes/ # 生成的学习笔记
│ └── submissions/ # 已提交作业
工作流程
- 生成 → 在 workspace 创建编辑
- 保存 → 复制到 OneDrive
study_notes/ - 发送 → 需要时复制发送
- 清理 → 删除临时文件
🛠️ 脚本说明
check_canvas.sh
检查 Canvas 课程更新:
- 公告(过去 14 天)
- 作业(未来 14 天 + 过去 5 天)
- 文件同步
依赖: curl, python3, jq
md2pdf.sh
Markdown 转 PDF(CJK 支持):
- 自动处理 emoji
- 粗体后添加空行(修复列表渲染)
- 中文字体配置
依赖: pandoc, texlive-xetex, texlive-xecjk
用法:
./md2pdf.sh input.md output.pdf
organize_files.sh
整理课程文件:
- 合并重复目录
- 清理临时文件
- 验证文件完整性
📝 模板
学习笔记模板
# Course Lecture X - Topic Name
**Course:** Course Name
**Instructor:** Instructor Name
**Date:** YYYY-MM-DD
---
## 🎯 核心问题
这节课要解决什么问题?
---
## 📖 主要内容
### 定义
...
### 性质
| 性质 | 公式 | 含义 |
|------|------|------|
| ... | ... | ... |
---
## 📝 例题
...
---
## 🔑 知识总结
...
Mock Test 模板
# Course Lecture X - In-Class Test
**Course:** Course Name
**Time limit:** 25 minutes
**Total points:** 100 points
---
## Instructions
- This test consists of **6 proof-based questions**
- Show **all steps** of your proofs
- Full credit requires **complete justification**
---
## Question 1: Topic (XX points)
...
---
# Solutions & Grading Rubric
...
⚠️ 注意事项
隐私保护
- 不要 在 skill 中存储 Cookie、Token
- 不要 提交学生姓名、学号
- 不要 泄露成绩、个人信息
Cookie 安全
- Cookie 存储在
~/.canvas_cookie(gitignore) - 定期更新 Cookie(过期后手动复制)
- 不要分享 Cookie 文件
PDF 渲染
- 中文需要 xeCJK + Droid Sans Fallback
- Emoji 在 Linux 可能乱码,建议替换
- 数学公式用
$...$或$$...$$
🔄 更新日志
v1.0.0 (2026-03-02)
- 初始版本
- Canvas API 检查脚本
- Markdown 转 PDF(CJK 支持)
- 学习笔记和 Mock Test 模板
- 文件管理策略
📞 支持
Issues: https://github.com/\x3Crepo>/issues
Discussions: https://github.com/\x3Crepo>/discussions
📄 License
MIT License
安全使用建议
Things to check and actions to take before installing/running:
- Review and accept the trade-off of storing session cookies in plaintext: the scripts require you to put canvas_session and log_session_id into ~/.canvas_cookie. This file contains active session tokens; restrict its permissions (chmod 600), delete it when not needed, and avoid storing long-term credentials there. Prefer Canvas API tokens if your institution allows them.
- Be cautious about enabling Chromium remote debugging (port 9222). Any local process (or attacker with local access) can control the browser/CDP and potentially extract cookies or run JS in pages. Only run this on a machine you trust and stop the browser when finished.
- The registry metadata is incomplete: the skill actually depends on curl, python3, jq, pandoc and a TeX engine (xelatex / texlive-xetex / texlive-xecjk). Make sure these are installed from trusted sources before running the scripts.
- The md2pdf.sh references an absolute author-specific path (/home/yuno/.openclaw/...). That path may be missing or point to another skill — inspect the script and either provide a safe CJK header or let the fallback generate one. Do not run the script until you understand where it reads header files from.
- Inspect scripts line-by-line (they are shell scripts) for any commands you do not expect; the scripts will run shell commands (curl, pkill, rm) — avoid running them as root.
- Operational hygiene: configure COURSE_IDS and CANVAS_DOMAIN yourself, run with a throwaway or ephemeral session where possible, and remove temp files after use. Consider sandboxing (VM) if you are unsure.
What would change this assessment: if the publisher updates the package metadata to declare the required binaries and the cookie file usage, removes or documents the hard-coded /home/yuno path, and provides a safer, documented method for authentication (e.g., OAuth/token-based flow or an automated but secure CDP extraction that does not persist credentials), this would reduce incoherence and increase confidence that the skill is benign.
功能分析
Type: OpenClaw Skill
Name: canvas-study-helper
Version: 1.1.0
The skill is classified as suspicious due to a potential command injection vulnerability in `scripts/md2pdf.sh` which passes arbitrary arguments to `pandoc` (via `${@:3}`), potentially allowing an attacker to execute arbitrary code (e.g., via `--lua-filter`). Additionally, the `SKILL.md` documentation includes a `canvas_browser.sh` script that leverages Chromium's DevTools Protocol (CDP) via `curl` to interact with the browser, a powerful capability that, while not explicitly malicious as written (it states manual cookie copying), could be modified to automate sensitive data extraction. There is no clear evidence of intentional malicious behavior like unauthorized data exfiltration or persistence mechanisms by the skill itself, but these are significant vulnerabilities.
能力评估
Purpose & Capability
The scripts and SKILL.md match the described purpose (announcements, assignments, file download, Markdown→PDF). However the registry metadata declares no required binaries/env/configs while the instructions and scripts clearly require curl, python3, jq, pandoc, and TeX (xeLaTeX) and a cookie file (~/.canvas_cookie). The metadata omission is an incoherence the user should be aware of.
Instruction Scope
Runtime instructions ask the user to extract and store Canvas session cookies in plaintext (~/.canvas_cookie) and to start Chromium with remote debugging (port 9222) to facilitate cookie extraction. Enabling a remote-debugging port and persisting session cookies are sensitive actions: they can expose credentials to local processes and anyone with access to that port or file. The scripts otherwise only call the institution's Canvas API endpoints (no hidden remote endpoints).
Install Mechanism
There is no install spec (instruction-only with included scripts), so the skill does not download or write remote code during install. That lowers install-time risk. However the included scripts will write temporary files and may create files under the user's home when run.
Credentials
The skill declares no required env vars or config paths, yet the scripts require and use a plaintext cookie file at ${HOME}/.canvas_cookie and rely on system binaries (curl, python3, jq, pandoc, texlive). The md2pdf.sh script references an absolute path (/home/yuno/.openclaw/...) which is external to this skill and suggests a leftover dependency or author-specific path — unexpected and incongruent with the stated metadata.
Persistence & Privilege
The skill is not marked always:true and does not attempt to modify other skills or system-wide configurations. Autonomous invocation is allowed by default but is not by itself a new risk here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install canvas-study-helper - 安装完成后,直接呼叫该 Skill 的名称或使用
/canvas-study-helper触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
canvas-study-helper v1.1.0
- 增加详细的 WSLg + Chromium 获取 Cookie 方案说明,支持 Chrome DevTools Protocol,简化在 WSL 环境的身份认证流程。
- 更新 SKILL.md 安装与使用文档,补充脚本 `canvas_browser.sh` 的使用方法和自动化 Cookie 提取步骤。
- 明确区分多种 Cookie 获取方式,并给出操作指引和注意事项。
- 依赖需求与安全提示区无变动。
v1.0.0
Canvas Study Helper v1.0.0 - Initial Release
- Added Canvas course monitoring: announcements, assignments, and file downloads.
- Introduced study note generation with Markdown and CJK-capable PDF export, including LaTeX math support.
- Provided templates for study notes and proof-based mock tests.
- Implemented file management scripts for OneDrive organization, note categorization, and temp file cleanup.
- Included full installation and usage instructions, with privacy and security best practices.
元数据
常见问题
Canvas Study Helper 是什么?
监控 Canvas 课程公告和作业,下载课程文件,并生成支持中文与数学公式的 Markdown 学习笔记和 PDF。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 462 次。
如何安装 Canvas Study Helper?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install canvas-study-helper」即可一键安装,无需额外配置。
Canvas Study Helper 是免费的吗?
是的,Canvas Study Helper 完全免费(开源免费),可自由下载、安装和使用。
Canvas Study Helper 支持哪些平台?
Canvas Study Helper 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Canvas Study Helper?
由 Yuno Wang(@huaruoji)开发并维护,当前版本 v1.1.0。
推荐 Skills