SYSU Anything CLI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SYSU campus-services helper that uses the SYSU Anything CLI for authenticated campus workflows, with some documentation gaps around credential and attachment handling.

Install only if you are comfortable using the sysu-anything CLI with SYSU accounts and storing campus session files locally. Do not share callback URLs, logs, or files from ~/.sysu-anything, avoid shared machines, review commands before adding --confirm, and double-check any homework attachment paths before submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description uses very broad fuzzy-trigger language covering many common campus-related intents, which can cause the agent to invoke this skill for loosely related requests. Because this skill drives a CLI with login-dependent and potentially state-changing campus operations, over-triggering increases the chance of unintended access, unnecessary authentication flows, or accidental execution of sensitive actions in the wrong context.

Vague Triggers

Medium
Confidence: 85%
Finding
The default prompt explicitly routes not only specific SYSU tasks but also vague, open-ended 'other campus-service tasks' to this skill. That broad trigger can cause over-invocation outside the skill's validated scope, increasing the chance that sensitive account, booking, or academic actions are attempted without clear user intent or proper guardrails. In a campus-services skill tied to real-world systems, ambiguity is more dangerous because it may touch authenticated workflows and personal data.

Missing User Warnings

Medium
Confidence: 93%
Finding
The document explicitly enumerates persistent session and token files for multiple campus services, but provides no warning that these artifacts contain active authentication material. In the context of an agent skill that automates login recovery and state reuse, this omission increases the chance that users, tooling, or downstream prompts mishandle these files, exposing reusable sessions or bearer tokens that could enable account access across several systems.

Missing User Warnings

Medium
Confidence: 95%
Finding
The recovery flows instruct users to replay callback URLs directly, and such URLs commonly embed authorization codes, tickets, or other transient credentials. Without explicit handling guidance, users may paste these values into chats, logs, shell history, or agent transcripts, allowing credential theft or session seeding for services like chat, gym, and xgxt.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation explicitly instructs users to replay an authentication callback and persist a token locally, but it does not warn about the sensitivity of callback URLs, token storage location, file permissions, or cleanup. In a campus-services skill handling authenticated access, this increases the chance of credential leakage through shell history, logs, shared machines, or insecure local storage.

Missing User Warnings

Medium
Confidence: 88%
Finding
The document explicitly instructs users to submit homework answers using a structured JSON format that can include local file paths, and states the CLI will automatically upload those attachments. This creates a real risk of unintended data exfiltration because users may provide sensitive local files without a clear warning that file contents will be transmitted to a remote Rain Classroom service.

VirusTotal

67/67 vendors flagged this skill as clean.
