SYSU Anything Apple

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SYSU macOS helper for syncing campus tasks into Apple Calendar and Reminders, with the important account-changing actions disclosed and gated by confirmation flags.

Install this only if you trust the sysu-anything npm package and are comfortable granting Calendar/Reminders access and using SYSU session data under ~/.sysu-anything. Review commands before allowing any --confirm action, because those can submit bookings, signups, leave requests, or other campus-service changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description is extremely broad and explicitly includes fuzzy natural-language requests, which can cause the agent to activate this skill for many loosely related campus-task prompts. Because the skill can install software (`npm i -g sysu-anything`) and initiate real-world actions such as bookings, submissions, calendar writes, and reminders, overbroad routing increases the chance of unintended invocation and user-impacting side effects.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger text explicitly invites activation on "fuzzy requests" and provides broad examples without defining boundaries, which can cause the skill to be selected for ambiguous user intents outside its intended Apple Calendar/Reminders workflow. In an agent-routing context, overly broad activation increases the chance of misrouting, unintended action suggestions, or inappropriate handling of campus-related requests that should go to a more specific or safer skill.

Missing User Warnings

Medium
Confidence: 90%
Finding
The deploy script unconditionally removes the existing target skill directory with `fs.rm(..., { recursive: true, force: true })` before copying new contents. If `--dest` or environment-derived paths are misconfigured, this can silently destroy user data or an existing installation, and the Apple automation context does not reduce that risk because deployment still writes into real user-controlled filesystem locations.

VirusTotal

65/65 vendors flagged this skill as clean.
