Back to skill

Security audit

PKU BDKJ

Security checks across malware telemetry and agentic risk

Overview

This skill fits its PKU room-booking purpose, but it can use stored university credentials to create or cancel real reservations without clear confirmation safeguards.

Review before installing. Use only if you trust the separate bdkj and info-auth tools, and require manual confirmation for every login, reservation, cancellation, room, time, reason, and participant list. Avoid using it on shared machines unless you understand and protect or clear the stored session and groups files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill description is broad enough to trigger on general mentions of classrooms, reservations, PKU-space terminology, SSO callbacks, backend endpoints, and local persistence files. In an agent setting, this can cause the skill to activate in contexts where the user did not intend a live booking workflow, increasing the chance of unintended authenticated actions against a real university system.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation exposes reserve and cancel operations but does not clearly warn that these commands modify live booking records. In an autonomous or semi-autonomous agent workflow, that omission makes accidental reservation creation or cancellation more likely, which can disrupt legitimate bookings and misuse the user's authenticated session.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The auto-login section normalizes credential-backed login via keyring and immediately demonstrates a live reservation submission, but provides no privacy or safety guardrails. This is dangerous because an agent could use stored credentials to authenticate and perform real actions without sufficient user awareness, consent, or review.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.