ClawHub

D2L Brightspace

Security checks across malware telemetry and agentic risk

Overview

This Brightspace skill fits its LMS-management purpose, but it gives agents broad authenticated access that can change sensitive course and grade data without strong enough scoping or confirmation guidance.

Install only if you are comfortable granting the agent authenticated Brightspace access. Prefer predefined Membrane actions, use the proxy only when necessary, and require explicit confirmation before any grade, roster, submission, announcement, file, or course-content change or deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation description is broad enough that an agent may select this skill for many loosely related requests involving educational data or workflows, even when the user did not intend to operate on Brightspace. Because the skill supports authenticated actions and raw proxy requests, over-triggering increases the chance of unintended access, modification, or disclosure of LMS data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation explicitly enables direct authenticated proxy access to arbitrary Brightspace API endpoints but does not warn that POST, PUT, PATCH, and DELETE requests can change or destroy data. In a skill that manages courses, users, submissions, grades, and content, this omission can lead an agent to perform destructive operations without adequate user awareness or confirmation.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal