Back to skill

Security audit

Canvas LMS Student Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Canvas LMS helper, but it should be used carefully because it handles a Canvas API token and private course data.

Install only if you want an agent to access your Canvas account. Treat CANVAS_API_TOKEN like a password, keep any config file private, avoid broad prompts if you do not want Canvas queried, and choose trusted output folders for downloaded course materials or calendar exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README instructs users to place a long-lived Canvas API token in environment variables or a local config file, but it does not warn about token sensitivity, file permissions, shell history exposure, or accidental commits. Because Canvas tokens can grant access to course data associated with the student account, poor handling could lead to credential leakage and unauthorized access to academic information.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Broad trigger phrases can cause the skill to activate on ordinary academic-language prompts without clear user intent to access Canvas or use stored credentials. In a system with automatic tool invocation, that can lead to unnecessary access of educational records, grades, assignments, or course files and increase privacy risk.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The 'When to Use' section includes very broad examples like 'help me write my essay' and generic keywords like 'assignment' or 'materials', which could capture non-Canvas requests. This raises the chance of overbroad activation and unauthorized retrieval of student data or local file downloads when the user did not specifically request LMS access.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The 'AI-Assisted Writing' guidance explicitly highlights assignment descriptions and rubrics as inputs for assignment completion, but provides no guardrails around academic integrity. In a student Canvas skill, this context makes the omission more dangerous because it can facilitate policy-violating ghostwriting or cheating workflows using authoritative course prompts and grading criteria.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documentation explicitly promotes downloading and indexing Canvas content across enrolled courses, but provides no guidance on handling student or course data safely. In a student-facing LMS skill, this can normalize broad local caching of potentially sensitive academic records, announcements, and assignment details, increasing the risk of unintended retention, oversharing to other tools, or use beyond the minimum data needed.

Missing User Warnings

Medium
Confidence
75% confidence
Finding
The wrapper exposes `download_files` and `export_calendar`, which can write files to caller-supplied output paths, but the wrapper provides no user-facing indication that local filesystem changes may occur. In an agent setting, this can lead to surprising file creation or overwriting behavior, especially if the agent passes untrusted or unintended paths.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.