Back to skill

Security audit

Tmp.TZBLh1MWPh

Security checks across malware telemetry and agentic risk

Overview

This Canvas helper is purpose-aligned, but it deserves review because it recommends sensitive authentication methods that can expose Canvas sessions, credentials, and student records.

Install only if you trust the external MCP package and are comfortable granting access to Canvas records, messages, files, and linked student data. Prefer the least-sensitive authentication option available through your institution, avoid username/password or session-cookie modes unless necessary, and confirm local download paths before saving course files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

High
Confidence
91% confidence
Finding
The skill explicitly instructs use of a browser extension and states that it reads live Canvas session cookies at startup, then also documents alternative credential and token-based authentication modes. Handling session cookies, passwords, refresh tokens, and client secrets without a prominent warning or trust boundary explanation creates real risk of credential theft, unauthorized account access, and inadvertent exposure of student educational records.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documented tool `canvas_download_file(url, destinationPath)` can write arbitrary course files to disk, but the skill does not warn users that local file writes will occur or describe destination/path safety expectations. In an agentic environment, file-writing capabilities can cause unintended persistence of sensitive student documents or unsafe writes to user-specified locations.

Credential Access

High
Category
Privilege Escalation
Content
### Alternatives (env-var)

- **Personal access token** — set `CANVAS_TOKEN`. Most institutions have disabled this for non-admins.
- **OAuth** — set `CANVAS_CLIENT_ID`, `CANVAS_CLIENT_SECRET`, `CANVAS_REFRESH_TOKEN`. Bootstrap via `canvas-parent-mcp-qr-login`.
- **Username/password (session-scrape)** — set `CANVAS_USERNAME` + `CANVAS_PASSWORD`. Direct Canvas accounts only (no SSO/2FA). Brittle.
Confidence
90% confidence
Finding
access token

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.