Coursera Progress

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Coursera progress helper that reads Coursera learning data only when the user provides Coursera API credentials.

Install this only if you want an agent to use your Coursera API token to view enrollments, grades, deadlines, and certificates. Keep the client secret and access token private, expose them only in environments where Coursera access is intended, and revoke or rotate them when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The skill handles sensitive personal learning data and credentials, but it does not include an explicit user-facing privacy notice or consent boundary for accessing grades, deadlines, and certificates. In an agent setting, that can cause users to expose account-linked educational data without understanding what is being retrieved or transmitted to a third-party API.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal