
French Learning

Author: clairproqc-star · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 97 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install french-learning
Description
French vocab automation. Formats Excel vocab to Google Sheet, generates ElevenLabs audio, uploads to Drive. Triggers: process french vocab, generate audio, F...
Usage instructions (SKILL.md)

French Learning Skill

This skill automates the creation of French learning materials.

Resource Locations

  • Configuration: Refer to references/config.md for target Google Sheet and Drive Folder IDs.
  • Scripts: Automation logic resides in scripts/.

Prerequisites

  1. Google Sheet Setup: Ensure you have access to the target Google Sheet: https://docs.google.com/spreadsheets/d/1Nnwv4DbbUgfiNDiJdgCvnyxH6oPBis_99fm-2voehl4.
  2. Google Drive Folder: You must provide a Google Drive Folder ID where the generated audio files will be saved.
  3. ElevenLabs API Key: The ELEVENLABS_API_KEY environment variable must be set to use the sag TTS skill for audio generation.

Standard Workflows

1. Format Excel to Google Sheet

scripts/format_excel.py — Reads source Sheet, calls Gemini for Chinese translation + example sentences, writes 6 columns (Index, Fr Original, En Translation, Chinese Translation, Example Sentence (FR), Example Sentence (CN)) into target Sheet, then applies wrap text (wrapStrategy: WRAP) to all cells so long sentences stay within the cell.

2. Generate & Upload Audio

scripts/generate_audio.py — Fetches Example Sentence (FR) + Index, chunks into batches of 20, generates MP3 via ElevenLabs (sag skill), uploads to specified Drive folder named 1-20.mp3, 21-40.mp3, etc. Requires Drive Folder ID.

Security recommendations
Before installing or running this skill:

  • Verify gog, gemini, and sag are the exact CLIs you expect and are installed from trusted sources. CLI supply-chain risk is real.
  • Confirm how your machine is authenticated to Google (gog). The skill will read and write Google Sheets and upload files to Drive; the repository does not declare the Google credentials/config required — ensure you only grant a least-privilege account or folder access, not broad account access.
  • Protect API keys: GEMINI_API_KEY and ELEVENLABS_API_KEY are required; treat them as secrets and avoid exposing them to shared environments.
  • Review and harden scripts: replace the shell=True pattern in scripts/fix_update.py (which injects /tmp/french_learning_output_data.json via a shell substitution) with a safe non-shell subprocess call that reads the file directly or passes JSON as an argument. The current pattern could allow command injection if an attacker can control the temp file.
  • Consider running first in a sandbox or with a restricted Google service account that only has write access to the intended Sheet/Drive folder, and audit the folder after a test run.
  • If you do not want the skill to upload to your Drive, do not provide the Drive Folder ID or run the generate_audio script until you have validated outputs locally.

If you want, I can point out the exact lines to change to eliminate the shell invocation and make the scripts safer.
Functional analysis
Type: OpenClaw Skill
Name: french-learning
Version: 1.0.0

The skill contains a shell injection vulnerability in `scripts/fix_update.py`, which uses `subprocess.run(shell=True)` combined with shell command substitution `$(cat ...)` to process a temporary JSON file. While the skill's stated purpose of automating French vocabulary via Google Sheets and ElevenLabs (using the `gog` and `sag` tools) appears legitimate, this coding practice allows for potential arbitrary command execution if the contents of the temporary file are manipulated. No clear evidence of intentional malice or data exfiltration was found, but the inclusion of an insecure update script warrants a suspicious classification.
Capability assessment
Purpose & Capability
Name/description, required binaries (gog, gemini, sag) and required env vars (GEMINI_API_KEY, ELEVENLABS_API_KEY) align with the code: scripts read Google Sheets via 'gog', call Gemini for translations, use 'sag' to generate ElevenLabs audio, and upload to Drive. The files implement the described functionality.
Instruction Scope
Runtime instructions and scripts stay within the declared feature set (read source sheet, call Gemini, update target sheet, generate audio with sag, upload to Drive). However, scripts read/write /tmp files and one script (scripts/fix_update.py) constructs and runs a shell command with shell=True that injects the file contents via $(cat ...). If an attacker or another process can control that temp file, this could lead to command injection. Also the skill will upload generated audio into a Google Drive folder (requires Drive access).
Install Mechanism
This is an instruction-only skill with included scripts and no install spec — nothing is downloaded or installed by the skill itself. The risk surface is limited to executing the provided scripts and the external CLIs they call.
Credentials
The declared environment variables (GEMINI_API_KEY, ELEVENLABS_API_KEY) are appropriate for the LLM and TTS usage. However, the scripts rely heavily on the 'gog' CLI for Google Sheets/Drive access but the skill does not declare or request any Google credentials, service-account keys, or config paths. That omission is a coherence gap: a user must ensure gog is authenticated (likely with Google OAuth or a service account) before running. Also treat API keys as sensitive — the skill will use them to make network requests to external services.
Persistence & Privilege
The skill is not persistent (always:false), is user-invocable, and does not modify other skills or system-wide configs. It only runs the included scripts and external CLIs when invoked.
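How to use
  1. Make sure OpenClaw is installed (locally or via Docker).
  2. Enter the install command in the chat box: /install french-learning
  3. Once installation completes, call the Skill by name or trigger it with /french-learning
  4. Provide the required inputs according to the Skill's parameter description to get structured output.
Version history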
v1.0.0
French Learning Skill v1.0.0 – Initial release

  • Automates French vocabulary list processing: formats Excel files to a specified Google Sheet with translations and examples.
  • Generates French audio for example sentences using ElevenLabs and uploads MP3 files to a provided Google Drive folder in batches.
  • Applies wrap text formatting for improved readability in the Google Sheet.
  • Requires setup of environment variables for Google Drive and ElevenLabs API access.
Metadata
Slug: french-learning
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 1
FAQ

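What is French Learning?

French vocab automation. Formats Excel vocab to Google Sheet, generates ElevenLabs audio, uploads to Drive. Triggers: process french vocab, generate audio, F... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 97 total downloads to date.

How do I install French Learning?

Run the command "/install french-learning" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.

Is French Learning free?

Yes, French Learning is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does French Learning support?

French Learning runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed French Learning?

It is developed and maintained by clairproqc-star (@clairproqc-star); the current version is v1.0.0.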
