Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Elective
v1.1.0
PKU Course Selection (选课网) CLI tool built in Rust. Use this skill when working on the elective crate, debugging elective commands, adding features, or when t...
by @wjsoj
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md documents a CLI tool (elective) with SSO, CAPTCHA backends, and session persistence. The manifest lists no required binaries, env vars, or config paths; that is inconsistent — a CLI that logs in, polls, and calls external CAPTCHA APIs plausibly needs the elective binary and API credentials.
Instruction Scope
Instructions tell the agent to run commands (elective, info-auth), read credentials via OS keyring/env/interactive, persist sessions to ~/.config/info/elective/, and send base64 CAPTCHA images to external backends (utool/ttshitu/yunma). Those runtime actions go beyond what's declared and could access sensitive secrets and third‑party endpoints.
Install Mechanism
There is no install spec (instruction-only), which is low risk from a code-install perspective. However, the runtime assumes the presence of local binaries (elective, info-auth) that the manifest does not enumerate—this is an operational inconsistency rather than an install risk.
Credentials
SKILL.md expects credentials resolved from keyring → env → interactive and mentions CAPTCHA recognition APIs (which typically require API keys), but the skill declares no required env vars or primary credential. Sensitive access (keyring, API keys) is implied but not declared or scoped.
Persistence & Privilege
The tool persists session data to ~/.config/info/elective/ and reads OS keyring entries. The manifest does not declare these config-path or credential accesses. Autonomous invocation is allowed by default (not disabled), which combined with undisclosed credential access increases potential risk.
What to consider before installing
This skill's documentation shows it will run a local elective CLI, read credentials from your OS keyring or environment, write session files to ~/.config/info/elective/, and send CAPTCHA images to third‑party recognition services — but the skill metadata does not declare the required binaries, config paths, or API credentials. Before installing or enabling it (especially for autonomous use):
- Ask the publisher to update the manifest to list required binaries (elective, info-auth), required config paths, and any environment variables/API keys for CAPTCHA backends.
- If you plan to use third‑party CAPTCHA services (utool/ttshitu/yunma), verify which endpoints and keys are used and whether you consent to sending images (and potentially personal data) to those services.
- Consider running the skill only when explicitly invoked (disable autonomous invocation) or in a restricted environment until the metadata is corrected.
- Inspect or provide the elective binary from a trusted source; do not let the agent fetch arbitrary executables.
- If you are uncomfortable with keyring access or session persistence, decline or sandbox the skill and request the author to make credential handling explicit and opt‑in.
These mismatches may be benign omissions, but they materially affect what the skill can access; treat it as suspicious until clarified.
Like a lobster shell, security has layers — review code before you run it.
