Back to skill

Security audit

Auto Course Player

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates online course playback, but it also helps advance course progress in a logged-in education account while using anti-detection guidance and broad auto-clicking behavior.

Install only if the course platform, school, and account owner explicitly allow this kind of automation. Review and narrow the Tampermonkey match scope before use, remove anti-detection behavior, and avoid using it where attendance, completion credit, assessments, submissions, payments, or official records could be affected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The README explicitly recommends usage patterns intended to reduce platform detection, such as limiting sessions and checking progress periodically to avoid anomalies. In the context of an auto-course player that automates online learning activity, this crosses from neutral automation guidance into evasion-oriented assistance that can facilitate policy circumvention and academic-integrity abuse.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
This script deliberately automates course progression by monitoring video completion, clicking into the next lesson, and dismissing learning-status dialogs. In context, that behavior is intended to bypass interactive checkpoints and platform friction rather than assist a clearly documented legitimate workflow, which can violate platform rules and undermine attendance/completion controls.

Intent-Code Divergence

Low
Confidence
89% confidence
Finding
The generic dialog-closing fallback identifies a centered button labeled '确定' using only rough vertical position, which is too broad to safely distinguish modal confirmations from unrelated page actions. On a complex site, this can trigger unintended clicks such as submitting forms, confirming destructive actions, or navigating away.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide explicitly promotes a script that automates course video playback, completion detection, popup closing, and lesson advancement, but omits any warning that this may violate platform rules, academic integrity requirements, or trigger account sanctions. In this context, the skill is designed to bypass normal user participation expectations on an educational platform, which creates meaningful compliance and misuse risk even though the file is documentation rather than executable code.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The bookmarklet actively manipulates the target course page by auto-playing, muting, clicking next items, and dismissing dialogs on a timer, but it provides no meaningful warning about the scope of those actions or the risks of running arbitrary page-modifying code in the browser context. Because bookmarklets execute with the privileges of the current page, this kind of automation can unintentionally alter course progress, trigger unintended clicks, or interfere with site workflows, making it a genuine security-relevant behavior even if the apparent goal is convenience.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.