ClawHub

Snu Canvas Cli

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent for SNU Canvas CLI use, but it delegates real LMS access and token handling to an unbundled local Go CLI outside the reviewed package.

Install only if you trust and have reviewed the local lx-agent repository that `LX_AGENT_ROOT` points to. Keep Canvas tokens in local config or environment variables, never paste them into chat, and run bot or serve modes only when you intentionally want a long-running process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill claims to operate specifically on SNU's Canvas LMS and to validate the configured URL first, but the documented bridge accepts an arbitrary lx-agent subcommand and does not itself enforce any SNU- or Canvas-specific restriction. This mismatch is dangerous because an agent may trust the description and invoke broader functionality than intended, including commands or targets outside the declared scope.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The skill says access must be CLI-only and forbids direct HTTP calls to Canvas APIs, but later instructs the agent to run curl and DNS tools directly. Even if intended only for diagnostics, this contradiction weakens safety boundaries and can normalize unsanctioned direct network access outside the CLI's authentication, logging, and guardrails.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The interface metadata refers to 'LearningX CLI' and 'lx-agent Telegram/LearningX CLI' while the skill is described as operating SNU Canvas at etl.snu.ac.kr. This product/domain mismatch can mislead users or downstream agents into invoking the wrong tool, trusting the wrong endpoint, or applying incorrect safety assumptions, which is especially risky for an LMS integration handling course data and API configuration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal