Back to skill

Security audit

hoseo-lms

Security checks across malware telemetry and agentic risk

Overview

This skill can log into a student LMS account and automatically play unfinished lectures, which is broader and riskier than its reporting-focused description suggests.

Review carefully before installing. Use it only if you are allowed to automate Hoseo LMS access and lecture playback under your institution's rules. Avoid passing passwords on the command line, protect or remove the credentials file when not in use, and run auto_attend only with explicit course and lecture limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation describes capabilities including local file reads/writes, network access, and shell execution examples, but no explicit permissions are declared in metadata. This creates a transparency and least-privilege problem: an agent or reviewer may underestimate what the skill can access or do, increasing the chance of unsafe execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The top-level description frames the skill as a reporting/data aggregation tool, but the documented behavior includes automated login, browser automation, and automatic playback of course videos to progress attendance-related content. This mismatch can mislead users and automated systems into approving a tool with materially more powerful and policy-sensitive behavior than advertised.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The README states the skill is for LMS data aggregation/reporting, but it explicitly includes functionality to automatically play uncompleted lectures to satisfy attendance. That creates a capability mismatch and indicates deceptive or policy-bypassing behavior beyond the declared purpose, increasing the risk of academic misconduct and unauthorized automation against the LMS.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Automated unattended playback is not necessary for data aggregation or reporting and is instead designed to simulate course participation. In the context of a university LMS, this is dangerous because it can be used to falsify attendance/completion records and violate institutional rules or platform terms.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The implementation materially contradicts the stated skill purpose. Rather than aggregating/reporting LMS data, it logs into the LMS, opens lecture popups, starts playback, polls video state, and waits for completion so attendance or course progress is marked automatically. In this context, the deception increases risk because it hides policy-violating automation behind an innocuous description, reducing the chance of user or reviewer scrutiny.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code contains purposeful automation to simulate lecture watching: it finds video frames, clicks play buttons, starts playback via JavaScript, resumes paused playback, and waits until the lecture ends. This is dangerous because it enables fraudulent attendance/completion marking and bypasses the intended educational workflow, potentially violating institutional rules and undermining auditability.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README instructs users to store LMS credentials in a local JSON file containing a plaintext password, but does not provide strong security guidance beyond file permissions. This increases the chance of credential theft from local compromise, backups, shell history mistakes, or accidental disclosure, especially for student accounts tied to personal academic data.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill documents automated collection of course, attendance, assignment, and quiz data into a local `data.json` file without an explicit privacy warning or retention guidance. This can expose sensitive academic metadata if the file is copied, indexed, shared with other tools, or left unprotected on disk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The examples tell users to pass student ID and password directly via command-line flags. Command-line arguments are often exposed through shell history, process listings, audit logs, and crash reports, which can leak credentials to other local users or monitoring tools.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The skill transmits LMS credentials during login without any visible user warning or consent flow in this code path. In an agent setting, undisclosed credential use can surprise users, increase phishing-style risk, and make sensitive account access easier to misuse if the skill is invoked unexpectedly.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The scraper stores detailed academic data to ~/.config/hoseo_lms/data.json without informing the user beforehand. Even with permissions tightened afterward, local persistence of grades, attendance, assignments, or course participation can expose personal educational data to other local processes, backups, or accidental sharing.

Credential Access

High
Category
Privilege Escalation
Content
| Flag | Default | Type | Description |
|------|---------|------|-------------|
| `--id` | credentials.json | string | Student ID |
| `--pw` | credentials.json | string | Password |
| `--course` | all | string | Course name filter |
| `--limit-lectures` | 0 | int | Number of videos to play (0=all) |
Confidence
93% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
| Flag | Default | Type | Description |
|------|---------|------|-------------|
| `--id` | credentials.json | string | Student ID |
| `--pw` | credentials.json | string | Password |
| `--course` | all | string | Course name filter |
| `--limit-lectures` | 0 | int | Number of videos to play (0=all) |
| `--max-week` | 15 | int | Final week to scan |
Confidence
93% confidence
Finding
credentials.json

Session Persistence

Medium
Category
Rogue Agent
Content
## Setup and Configuration

### Create Credentials File

**Step 1: Create directory**
Confidence
88% confidence
Finding
Create Credentials File **Step 1: Create directory** ```bash mkdir -p ~/.config/hoseo_lms ``` **Step 2: Create credentials.json using terminal** #### Option A: Using cat (Linux/Mac) ```bash cat <

Session Persistence

Medium
Category
Rogue Agent
Content
#### Option D: Manual creation with text editor (All OS)

1. Create `~/.config/hoseo_lms/` directory
2. Create `credentials.json` file
3. Enter content:
```json
Confidence
88% confidence
Finding
Create `~/.config/hoseo_lms/` directory 2. Create `credentials.json` file 3. Enter content: ```json { "id": "YOUR_STUDENT_ID", "pw": "YOUR_PASSWORD" } ``` 4. Save file **Step 3: Set secure permis

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.