ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PKU BDKJ

v1.0.0

北京大学空间 (bdkj.pku.edu.cn) 学术研讨教室预约 CLI 工具。当用户提及 bdkj、北大空间、学术研讨教室、教室预约、研讨间、借教室 或想要查询/预约/取消 二教/四教/地学 教学楼里的空闲学术研讨教室时使用此 skill。支持保存固定参与人分组(如课题组),重复发起预约时只需 `--grou...

0· 57·0 current·0 all-time
by@wjsoj

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wjsoj/pku-bdkj.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "PKU BDKJ" (wjsoj/pku-bdkj) from ClawHub.
Skill page: https://clawhub.ai/wjsoj/pku-bdkj
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pku-bdkj

ClawHub CLI

Package manager switcher

npx clawhub@latest install pku-bdkj
Security Scan
Capability signals
Requires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is presented as a CLI tool (with full Rust crate layout and commands) but the package contains only an instruction document and no install spec or required-binaries. The instructions expect a 'bdkj' CLI and an 'info-auth' check utility (and imply building/running Rust code), yet none of these are declared or provided — so the skill as-published cannot actually perform the described tasks without external components.
!
Instruction Scope
Runtime instructions tell the agent to read/write ~/.config/info/bdkj/ (sessions and groups.json), use keyring → environment → interactive fallbacks for login, and handle IAAA SSO cookies/JWT. These actions involve local file access and credentials. The SKILL.md is vague about which environment variables or keyring entries will be used, and about how SSO cookies are obtained, which grants the agent broad discretion to access local secrets.
!
Install Mechanism
There is no install specification even though the document describes a compiled Rust binary and project layout. That mismatch means the skill relies on external installation steps (building the crate or installing a prebuilt binary) that are not provided or documented in the published skill.
!
Credentials
The skill declares no required env vars or primary credential, yet its login flow explicitly reads keyring and environment variables as fallbacks. Because names of expected env vars/keys are not declared, the agent might search or read environment entries or keyring items broadly. The requested persistence (session cookies) is relevant to the purpose but handling of secrets is underspecified.
Persistence & Privilege
The skill persistently stores session and group data under ~/.config/info/bdkj/ (groups.json, session cookies). That is expected for a reservation CLI, but users should be aware this will write and read files in their home directory. always:false, so it is not force-enabled system-wide.
What to consider before installing
This skill looks like documentation for a CLI rather than a self-contained skill: it expects a 'bdkj' binary and an 'info-auth' helper but does not provide or declare them. Before installing or invoking: (1) confirm you have a trusted bdkj CLI implementation or the Rust project source to build; (2) verify where credentials are stored (keyring entry names or exact ENV variable names) so the agent cannot indiscriminately read environment variables; (3) understand that the skill will read/write ~/.config/info/bdkj/ (sessions and groups.json) and may need access to SSO cookies — do not paste IAAA passwords into untrusted agents; (4) prefer using an official repository or packaged binary and review its source if possible. Because of the mismatch between described code and what's actually provided, treat this skill with caution until dependencies and credential usage are clarified.

Like a lobster shell, security has layers — review code before you run it.

bdkjvk978nyk79n06vrpt69e63engy184ww3tclassroomvk978nyk79n06vrpt69e63engy184ww3tclivk978nyk79n06vrpt69e63engy184ww3tlatestvk978nyk79n06vrpt69e63engy184ww3tpkuvk978nyk79n06vrpt69e63engy184ww3treservationvk978nyk79n06vrpt69e63engy184ww3trustvk978nyk79n06vrpt69e63engy184ww3t
57downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@wjsoj
bdkjclassroomclilatestpkureservationrust
Download

bdkj - 北大空间学术研讨教室预约 CLI

A CLI client for PKU's academic discussion room reservation system at bdkj.pku.edu.cn.

Architecture

  • Crate location: crates/bdkj/
  • Auth flow: IAAA SSO (app_id="bdkj") → /login/oauth 回调种 JWTUser/SESSION/rememberMe cookies
  • API: 混合 JSON (/room/classRoom, /classRoom/seachStudent, /classRoom/historyTime) + HTML form 步骤 (/classRoom/applyStep, /classRoom/handle/submit) + GET 取消 (/classRoom/cancelApply/<id>)
  • HTML 列表:用 scraper 解析 div#results > div.row

Key Source Files

  • src/main.rs — tokio::main,调用 pku_bdkj::run()
  • src/lib.rs — Clap CLI 定义 + dispatch
  • src/client.rs — reqwest client 构造
  • src/login.rs — IAAA 登录 + JWTUser cookie 提取
  • src/api.rs — 教室/时段/学生/提交/取消/列出的核心 API
  • src/commands.rs — 各子命令实现
  • src/display.rs — 终端渲染(colored)
  • src/groups.rs — 参与人分组持久化(~/.config/info/bdkj/groups.json

CLI Commands

Command用途
login -pIAAA 密码登录(keyring → env → interactive)
status / logout会话管理
rooms <building>列出教学楼下所有教室(二教/四教/地学)
history <room_id>查询教室已被预约时段
student <serial> <name>查询学生信息
list / ls列出当前用户的预约记录
reserve --room-id ... --begin ... --end ... --reason ... -g <group>提交一次预约(用分组)
reserve ... -p 学号:姓名 -p ...提交一次预约(手动列参与人)
cancel <apply_id>取消一次预约
group list / show <name> / set <name> -p ... / remove <name>管理参与人分组

--group--participant 互斥;两者必须至少指定一个。申请人自己也必须包含在参与人列表中。

Auto-Login for AI Agents

info-auth check
bdkj login -p              # 读 keyring,不需要密码
bdkj group set lab -p 2200011523:张三 -p 2200011524:李四
bdkj reserve --room-id 924131235851276288 \
  --begin "2026-04-20 14:00:00" --end "2026-04-20 16:00:00" \
  --reason "课题组讨论" -g lab

Development Notes

  • 所有文案中文
  • 错误用 anyhow::Result + .context("中文描述")
  • Session 持久化 ~/.config/info/bdkj/;groups 在同目录下 groups.json
  • submit_apply 的成功判据是重定向后 URL path 为 /classRoom,而不是扫 layer.msg(页面模板里有无关的 layer.msg 调用会误命中)
  • 教室/教学楼 ID 需要硬编码的 building 常量(见 api.rs

Comments

Loading comments...