Security audit

PKU Claspider

Security checks across malware telemetry and agentic risk

Overview

This is a read-only PKU course catalog scraping helper, but users should treat the Zhiyun browser token as a sensitive credential.

Install only if you trust the local claspider/elective CLI code you will run. Avoid pasting real JWTs into shared terminals, logs, or shell history; prefer a safer local secret-handling method if the CLI supports one, and use authenticated modes only on machines you trust.

SkillSpector

By NVIDIA
Vulnerability patterns checked
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding:
The skill explicitly instructs users to extract a browser `_token` JWT and supply it to the CLI, but it does not identify the token as a sensitive bearer credential or warn about leakage risks. In this context, that omission can lead users to mishandle an authentication token that may grant access to protected course data or APIs if copied, stored, or shared insecurely.

Missing User Warnings

Severity: Medium
Confidence: 97%

Finding:
The examples place a JWT directly on the command line, which commonly exposes secrets through shell history, terminal scrollback, process listings, audit logs, and copied documentation. Because this token is a bearer credential, anyone who obtains it may be able to reuse it until expiry, making the example materially unsafe rather than merely inconvenient.

VirusTotal

66/66 vendors flagged this skill as clean.