ClawHub

Tmp.PcoO5QZUNf

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Infinite Campus parent-portal connector that handles sensitive student records, with documentation issues users should notice before installing.

Install only if you intend to let an MCP server access your own Infinite Campus parent/student records. Treat outputs as confidential student information, store credentials carefully, avoid shared LLM contexts, and clarify whether the package actually supports message sending before allowing any account action beyond reading and document download.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The manifest description says the skill handles grades, assignments, attendance, messages, and documents, but omits other sensitive capabilities later documented in the file: behavior incidents, fees, and food service balance. Understating data access can mislead users or orchestrators about the scope of student information the skill may retrieve, increasing the chance of unintended disclosure of FERPA-sensitive data.

Description-Behavior Mismatch

Low
Confidence
81% confidence
Finding
The documentation states the skill can send messages, but the listed tools only show message-reading and document access operations. This mismatch creates ambiguity about whether the skill has write capabilities, which can impair informed consent and lead users to authorize a tool without understanding whether it can take actions on their behalf.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger description is broad enough to activate on many ordinary school-related requests, including generic phrases about grades, attendance, assignments, and messages. In the context of a skill that authenticates into a parent portal and accesses sensitive student records, over-broad triggering raises the risk of unnecessary invocation and unintended access to private data.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill handles highly sensitive student information and documentation indicates capabilities involving message handling and downloading student documents, yet the description does not prominently warn about these higher-risk actions. In a student-portal context, failing to disclose action-taking and document-retrieval behavior can surprise users and increase the risk of exposing protected records or performing unintended account actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal