ClawHub

PKU Info Auth

Security checks across malware telemetry and agentic risk

Overview

This skill is a PKU credential helper whose sensitive behavior is disclosed and aligned with its stated purpose, though users should handle environment-variable secrets carefully.

Use this only for PKU authentication tasks and prefer `info-auth store` with the OS keyring. Avoid long-lived `PKU_PASSWORD` environment variables, do not put credentials in shell profiles or logs, and only provide SMS codes for a single login command when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The manifest description contains very broad trigger terms such as '登录', '凭据', 'keyring', 'credential', and 'auth', plus a directive that this should be the 'FIRST skill' for many PKU workflows. That increases the chance of unintended invocation in conversations that merely mention authentication-related topics, causing the agent to enter sensitive credential-handling flows unnecessarily.

Credential Access

High
Category
Privilege Escalation
Content
| `store` | `save` | Interactively input and store credentials to OS keyring |
| `status` | | Show credential storage status (never shows password) |
| `check` | | Show session status for ALL services (treehole/course/campuscard/elective) |
| `clear` | | Remove credentials from OS keyring |

## Credential Resolution Order
Confidence
84% confidence
Finding
keyring

Credential Access

High
Category
Privilege Escalation
Content
- All user-facing strings in **Chinese**
- Error handling: `anyhow::Result` with `.context("中文描述")`
- The `store` command requires password confirmation (enter twice)
- `keyring_has_credential()` returns diagnostic info on failure for debugging
Confidence
78% confidence
Finding
keyring

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal