ClawHub

Canvas Study Helper

Security checks across malware telemetry and agentic risk

Overview

The skill matches its Canvas study-helper purpose, but it asks users to handle live Canvas session cookies in an unsafe local workflow that deserves review before installation.

Install only if you are comfortable storing a live Canvas login session locally. Prefer an official Canvas API token or OAuth if your institution supports it; if you use this skill, restrict ~/.canvas_cookie to 0600, verify the Canvas domain before running, keep the cookie short-lived, stop the debugging browser after use, and consider changing the scripts to parse cookie values as data instead of sourcing the file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
85% confidence
Finding
The skill explicitly instructs users to store live Canvas session cookies in a local file, which are bearer credentials that can grant account access if exposed. Although it warns not to store cookies in the skill itself, normalizing file-based session handling increases the chance of credential leakage through weak file permissions, backups, shell history, or accidental sharing.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The script executes the cookie file with `source`, which treats its contents as shell code rather than inert configuration data. If an attacker can modify `${HOME}/.canvas_cookie` or trick the user into pasting malicious content into it, arbitrary commands will run with the user's privileges before any Canvas checks occur.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script reads live session cookies from a local file and sends them to remote Canvas API endpoints, but provides no explicit warning that it is handling authentication material. In this skill context, those cookies are high-value credentials; accidental disclosure, reuse on the wrong host, or unsafe storage could expose the user's Canvas account.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal