ClawHub
Back to skill
v2.1.1

Infinitecampus Mcp

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:43 PM.

Analysis

The skill is coherent for accessing Infinite Campus data, but it requires Campus Parent credentials and can access/download sensitive student records, so it should only be installed from a trusted source.

GuidanceBefore installing, make sure you trust the npm/GitHub source and understand that the server will receive your Campus Parent username and password and can retrieve sensitive student records. Prefer a pinned package version, use the correct district portal URL, and review any document downloads or message-opening actions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusNote
SKILL.md
"command": "npx",
"args": ["-y", "infinitecampus-mcp"]

The recommended setup fetches and runs the npm package through npx. This is disclosed and purpose-aligned, but it means the package supply chain is trusted with the portal credentials.

User impactIf the npm package or its release path were compromised, the server process would receive your Infinite Campus credentials.
RecommendationUse the published package only if you trust its source; consider pinning a reviewed version instead of relying on an unversioned npx command.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
README.md
Tools that the harness will gate as write/IO operations: `ic_download_document`.

The skill includes a document download tool that writes portal documents to disk. The artifact discloses this and expects gating.

User impactThe agent can save sensitive school documents locally when that tool is approved or invoked through the host's permission flow.
RecommendationReview download destinations and document names before approving downloads, and store downloaded records securely.
Tool Misuse and Exploitation
SeverityLowConfidenceMediumStatusNote
docs/endpoints.md
could not confirm whether fetching the body marks the message as read — some district configurations may do so

A message-reading tool may have a small portal-side side effect even though it is treated as read-only.

User impactOpening a message through the agent could potentially change its unread/read state in some district portals.
RecommendationIf unread status matters, ask before opening individual messages or verify portal behavior for your district.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
README.md
IC_USERNAME=parent@example.com
IC_PASSWORD=...

Linked districts (via CUPS SSO) are auto-discovered after primary login

The server uses the user's Campus Parent credentials and may access linked districts after login. That is expected for the purpose, but it is sensitive delegated account access.

User impactAnyone running this server with your credentials can retrieve sensitive student records available to that Parent account, including linked districts.
RecommendationInstall only from a trusted source, keep the password secret, and change/revoke the password if you stop using the MCP server or suspect exposure.