ClawHub

BilimClass

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real BilimClass helper, but it handles long-lived school account tokens and has broad auto-triggering that users should review carefully.

Install only if you intentionally want your agent to access your own BilimClass schedule, homework, diary, and grades. Treat the JWTs as passwords: keep ~/.openclaw/.env.json private, do not commit or paste it into chats, and refresh or revoke tokens if exposed. Prefer explicit BilimClass requests to avoid accidental grade or diary lookups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script automatically discovers and loads BilimClass tokens and student identifiers from a local .env.json file at import time, rather than requiring explicit user-supplied credentials for each invocation. That expands the skill's effective privileges and can cause silent use of sensitive account data not clearly disclosed by the skill interface, which is risky in an agent environment.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README advertises auto-trigger phrases like 'домашка', 'оценки', 'дневник', and broad school-related questions, which can match normal conversation and cause the skill to activate unexpectedly. In an agent setting, overly broad triggers can expose student schedule, homework, or diary data without a clearly intentional user request and can interfere with unrelated conversations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup instructions tell users to extract a long-lived JWT from browser localStorage and place it in a local config file, but they do not prominently warn that this token is effectively an account credential. Because the token appears to grant direct API access for up to about a year, mishandling, copy/paste leakage, screenshots, logs, or accidental sharing of the config could expose private student data.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger condition 'any school-related queries for Kazakhstan students' is overly broad and can cause the skill to activate on unrelated educational or student queries. Overbroad activation increases the chance of unnecessary access to student data and accidental disclosure of schedule, homework, or grades in the wrong context.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documentation tells users to manually extract long-lived JWTs from browser localStorage and network headers and store them in a local config file, but it does not prominently warn that these are highly sensitive bearer credentials. Anyone who obtains these tokens can impersonate the user to access school data, including grades and diary information, until the tokens expire or are revoked.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code loads bearer tokens, school ID, user ID, and student UUID from local configuration and then transmits them to remote BilimClass services without any user-facing notice or confirmation. In a school-data context, this means the skill can access and expose sensitive educational records and account-linked identifiers without transparent consent.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal