CanvasCLI
Warn. Audited by ClawScan on May 10, 2026.
Overview
CanvasCLI appears purpose-aligned for Canvas LMS, but it stores reusable Canvas credentials locally and exposes write actions like replies/submissions without built-in confirmation safeguards.
Use this only if you trust the source and are comfortable storing your Canvas password and cookies in ~/.canvas-cli/config.json. Avoid debug-login unless the credential-masking issues are fixed, and require explicit approval before allowing an agent to run submit or reply commands.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or anything that can read this config file, backups, or synced home-directory data could potentially access the user's Canvas account.
The skill persists the user's Canvas password and reusable session cookies in a local JSON file. File mode 0600 helps, but raw account credentials and cookies remain high-impact secrets, and the registry metadata declares no primary credential.
type Config struct {
    APIURL   string        `json:"api_url"`
    Username string        `json:"username"`
    Password string        `json:"password"`
    Cookies  []SavedCookie `json:"cookies,omitempty"`
}
...
return os.WriteFile(ConfigPath(), data, 0600)
Use a safer credential flow such as OAuth/API tokens or the OS keychain, avoid storing the raw password, clearly declare the credential requirement in metadata, and provide a documented way to clear saved sessions.
Running debug-login could expose credentials or login assertions in terminal output or temporary files on the local machine.
In debug login mode, the code masks Ecom_Password but not the base64 password field itesm64, and it writes login/SAML response HTML to /tmp with mode 0644. These debug artifacts may contain sensitive authentication material.
form.Set("itesm64", encodedPassword)
...
if k == "Ecom_Password" { val = "***" }
...
c.debugf(" %s = %s", k, val)
...
os.WriteFile("/tmp/canvas_step3.html", postBody, 0644)
Mask all credential-equivalent fields, avoid writing SAML/login responses to shared temporary locations, use restrictive temporary files, and document any debug artifacts clearly.
A mistaken or autonomous agent invocation could post a discussion reply or submit coursework under the user's identity.
The discussion reply command posts directly to Canvas when invoked. The skill also advertises submission commands, but the provided instructions do not require an explicit confirmation step before mutating the user's academic account.
data, err := client.POST(fmt.Sprintf("/courses/%s/discussion_topics/%s/entries", courseID, topicID), form)
Make read-only behavior the default for agents, require explicit user confirmation before posting or submitting, and document write actions as high-impact.
Users have less ability to verify the origin, updates, or maintenance history of a tool that will handle their Canvas login.
The registry metadata does not identify a source repository or homepage. That does not show malicious behavior, but it reduces provenance assurance for software that handles account credentials.
Source: unknown; Homepage: none
Install only from a trusted source, verify the code before building, and prefer packages with clear repository, release, and maintainer information.
