← 返回 Skills 市场
Ai Exam 授客AI智能考试
作者
xiangzidetiandi
· GitHub ↗
· v0.1.0
· MIT-0
146
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install soke-ai-exam-skill
功能描述
AI智能出题考试系统 - 基于文档自动生成考试、指派学员并查询结果
安全使用建议
This package appears to implement the advertised exam workflow (upload document → AI generate questions → assign users → query results), but there are important inconsistencies you should address before using it:
- The registry metadata declares no required environment variables, but the code needs APP_KEY, APP_SECRET, CORP_ID and a BASE_URL (and possibly DEPT_USER_ID). Confirm and set BASE_URL and credential env vars before running.
- The skill will upload any local file you provide to the configured BASE_URL. Do not point it at sensitive system files or private documents unless you trust the remote endpoint. Prefer using a test account and non-sensitive documents first.
- Verify the BASE_URL is a trusted service you control or trust. The source is unknown and there is no homepage; consider obtaining the code from a vetted source or running it in an isolated environment (network-restricted or sandbox) initially.
- Limit the credentials used: create a service account with minimal permissions for the exam API rather than using broad organization admin credentials.
- Review the code (api-client.js, config.js, exam-service.js) yourself or with someone you trust to ensure endpoints and behaviors match your expectations.
If you cannot validate BASE_URL and the origin of this package, treat it as untrusted and avoid using it with sensitive data or production credentials.
功能分析
Type: OpenClaw Skill
Name: soke-ai-exam-skill
Version: 0.1.0
The skill implements an AI-driven exam system that requires high-risk capabilities, including reading local files and performing external network requests. Specifically, 'exam-service.js' uses 'fs.createReadStream' to upload documents to a remote server, and 'api-client.js' manages sensitive application credentials (APP_KEY, APP_SECRET) retrieved from environment variables. While these behaviors are aligned with the stated purpose of generating exams from documents, the broad file access and the transmission of credentials to a configurable BASE_URL constitute significant security risks that could be exploited for data exfiltration if the agent is misdirected.
能力评估
Purpose & Capability
The skill claims to be an AI exam system and the code implements expected behavior (uploading documents, generating exams, assigning users). However the registry metadata lists no required environment variables or primary credential while SKILL.md and the code clearly require APP_KEY, APP_SECRET, CORP_ID and the code also uses BASE_URL and DEPT_USER_ID. This mismatch (manifest says 'none' but runtime needs credentials and an API base URL) is inconsistent and should be resolved.
Instruction Scope
Runtime instructions and code operate on local files (fs.readStream for the provided filePath) and call remote endpoints to upload documents, create exams, query users/departments, and manage access_token. That behavior is consistent with the described purpose, but the skill will transmit any file you point it at to the configured BASE_URL — so it can exfiltrate sensitive documents if misconfigured or pointed at system files. SKILL.md also omits mention of BASE_URL and DEPT_USER_ID even though the code requires them.
Install Mechanism
There is no automated install spec in the registry (user runs npm install). The package.json uses common dependencies (axios, dotenv, form-data). No remote download/extract or obscure installers are present in the package files provided.
Credentials
The code needs service credentials (APP_KEY, APP_SECRET, CORP_ID) and a BASE_URL (and optionally DEPT_USER_ID) to operate — these are reasonable for contacting the remote exam service. But the registry metadata did not declare any required env vars or a primary credential and SKILL.md/README do not consistently list BASE_URL and DEPT_USER_ID. The missing declaration increases the risk a user will install/run the skill without understanding the secrets it needs.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide configs. It manages an access_token in an in-memory config object within the process (no persisted tokens written by the skill), which is expected for this use-case.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install soke-ai-exam-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/soke-ai-exam-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
ai-exam-skill 0.1.0 (Initial Public Release)
- Introduces an AI-powered exam system supporting automatic question generation from documents, exam assignment, and result queries.
- Supports multiple question types: single choice, multiple choice, alternative choice, true/false, fill-in-the-blank, and short answer.
- Allows flexible assignment by user names and department names.
- Provides methods for individual and batch result querying with built-in error handling.
- Access token management is automated; no manual refresh required.
- Includes detailed usage examples, configuration instructions, and API documentation.
元数据
常见问题
Ai Exam 授客AI智能考试 是什么?
AI智能出题考试系统 - 基于文档自动生成考试、指派学员并查询结果. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 146 次。
如何安装 Ai Exam 授客AI智能考试?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install soke-ai-exam-skill」即可一键安装,无需额外配置。
Ai Exam 授客AI智能考试 是免费的吗?
是的,Ai Exam 授客AI智能考试 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Ai Exam 授客AI智能考试 支持哪些平台?
Ai Exam 授客AI智能考试 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ai Exam 授客AI智能考试?
由 xiangzidetiandi(@xiangzidetiandi)开发并维护,当前版本 v0.1.0。
推荐 Skills