← 返回 Skills 市场
125
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install normieclaw-tutor-buddy-pro
功能描述
Provides step-by-step, interactive homework help using the Socratic method, tracks progress, creates study plans, and adapts to each student's learning style.
安全使用建议
This package appears coherent with its stated purpose (local tutoring, Socratic flows, and local progress tracking). Before installing: 1) Only paste the provided system prompt into your agent if you trust the skill source — that is a privileged change. 2) Be aware generate-progress-report.sh requires python3 and Playwright (which may download Chromium during installation); install those tools consciously and review their network behavior if you need to keep everything offline. 3) The dashboard docs describe optional remote sync/dashboard components — those are separate and would require you to deploy or connect to a web service; nothing in this package automatically exfiltrates data. 4) The SKILL.md contains explicit prompt-injection defense (which is why the scanner flagged patterns); review that section to confirm it matches your safety expectations. If you want higher assurance, run the skill in a sandboxed agent instance and inspect network activity while exercising the report-generation path.
功能分析
Type: OpenClaw Skill
Name: normieclaw-tutor-buddy-pro
Version: 1.0.3
The skill provides an AI tutoring platform with a report generation feature. The script `scripts/generate-progress-report.sh` is classified as suspicious because it introduces high-risk capabilities, specifically the use of a headless browser (Playwright) and shell execution to render HTML reports. The script also contains vulnerabilities, such as the potential for arbitrary file writes via an unvalidated output path argument and a lack of HTML escaping for user-provided data (e.g., student names) in the generated report, which could lead to local code execution within the browser environment. While these features are aligned with the stated purpose of visual progress tracking, the implementation provides a significant attack surface without sufficient sanitization.
能力评估
Purpose & Capability
The skill claims local-only tutoring, progress tracking, and photo-to-solution capabilities and the files (SKILL.md, config, examples, and a single report script) align with that purpose. One mismatch: registry metadata lists no required binaries, but scripts/documentation state the report generator needs python3 and Playwright (and Playwright may download Chromium). The dashboard companion describes a web dashboard and /api/sync endpoints, but no code in this package automatically phones home — the dashboard is optional and would be a separate deployment.
Instruction Scope
Runtime instructions are focused on tutoring behavior (image OCR, Socratic prompts, progress tracking). The SKILL.md explicitly includes prompt-injection defense and repeatedly treats user-supplied homework/images as data (not instructions). Setup requires pasting the provided system prompt into the agent (SETUP-PROMPT.md) — that is normal for skills but is a privileged action: only do this if you trust the skill source.
Install Mechanism
There is no install spec in the registry (instruction-only), so nothing is automatically downloaded or installed. However, the included generate-progress-report.sh requires python3 and Playwright (and Playwright can fetch a Chromium binary when installed), which is an out-of-band dependency not reflected in registry metadata. The script itself does not make outbound network calls and cleans up temp files; it writes and renders HTML locally.
Credentials
The package requests no environment variables, no credentials, and no special config paths. Data and files referenced are local to the skill (data/ and config/). Documentation promises no hardcoded secrets or telemetry; those claims match the code provided (no network calls or embedded endpoints in scripts).
Persistence & Privilege
The skill is not always-enabled, does not request elevated privileges, and does not modify other skills or system-wide settings. Setup asks you to copy a system prompt into your agent — that changes the agent's behavior but is standard for skills and is clearly documented in SETUP-PROMPT.md.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install normieclaw-tutor-buddy-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/normieclaw-tutor-buddy-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
v1.0.3: Security fixes: confined scripts to skill directory, removed filesystem traversal from setup
v1.0.2
v1.0.2: MIT license, cleaned descriptions, removed cross-sell
v1.0.0
Initial publish from NormieClaw.ai
元数据
常见问题
Tutor Buddy Pro 是什么?
Provides step-by-step, interactive homework help using the Socratic method, tracks progress, creates study plans, and adapts to each student's learning style. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 125 次。
如何安装 Tutor Buddy Pro?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install normieclaw-tutor-buddy-pro」即可一键安装,无需额外配置。
Tutor Buddy Pro 是免费的吗?
是的,Tutor Buddy Pro 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Tutor Buddy Pro 支持哪些平台?
Tutor Buddy Pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Tutor Buddy Pro?
由 Nollio(@nollio)开发并维护,当前版本 v1.0.3。
推荐 Skills