Back to skill

Security audit

Bunpro

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a coherent Bunpro progress sync tool, but users must handle the browser-derived Bunpro token and local database as private credentials/data.

Install only if you are comfortable using Bunpro's unofficial frontend API. Treat the frontend token like a password: prefer an environment variable or secure secret store, avoid CLI arguments and chat/log sharing, refresh it if exposed, and keep bunpro.db out of shared folders or source control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The documentation explicitly instructs users to extract a live Bunpro bearer token from browser console, network traffic, or local storage. That is a credential-harvesting pattern: even if intended for convenience, it normalizes exposing sensitive session tokens and enables any consumer of the skill to access the user's account via the unofficial API.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to manually extract a live frontend bearer token from browser storage, console output, or network headers without strong warnings about credential sensitivity, scope, and leakage risks. That creates a realistic chance the token will be copied into shell history, logs, screenshots, chat transcripts, or insecure files, enabling account access until expiry.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill tells users how to obtain a bearer token from DevTools and browser storage but does not prominently warn that this token is equivalent to account access and must be handled as a secret. This increases the chance that users will paste credentials into unsafe contexts, exposing their Bunpro account to unauthorized use.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The script handles a sensitive bearer token and encourages passing it via CLI flag or environment variable, but provides no warning about secret exposure risks such as shell history, process listings, or insecure storage. In this skill context, the token grants access to personal learning data and could be abused if leaked from a shared machine or logs.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The script instructs users to extract a frontend API token from browser DevTools/local storage, which normalizes manual harvesting of an authentication credential outside an official token issuance flow. Even if intended for convenience, these instructions increase the chance of mishandling, policy violations, or accidental disclosure of a live bearer token.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
`POST /bookmarks`

#### Delete Bookmark
`DELETE /bookmarks/{bookmarkId}`

## Grammar Points
Confidence
88% confidence
Finding
DELETE /bookmarks/{bookmarkId}`

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.