CanvasCLI

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: canvascli
Version: 1.0.0

The canvas-cli tool exhibits several high-risk security vulnerabilities, most notably storing the user's Canvas password in plain text within the local configuration file `~/.canvas-cli/config.json` (`internal/config/config.go`). The `download` command in `cmd/files.go` lacks path sanitization for the output flag (`-o`), creating a path traversal risk that could allow an attacker or a malicious prompt to overwrite sensitive local files. Furthermore, the authentication logic in `internal/api/client.go` contains hardcoded parameters and logic specifically for the 'Tec de Monterrey' institution (e.g., the `itesm64` field), which is unusual for a tool marketed as a general-purpose Canvas LMS client.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or anything that can read this config file, backups, or synced home-directory data could potentially access the user's Canvas account.

Why it was flagged

The skill persists the user's Canvas password and reusable session cookies in a local JSON file. File mode 0600 helps, but raw account credentials and cookies remain high-impact secrets, and the registry metadata declares no primary credential.

Skill content

type Config struct {
    APIURL   string        `json:"api_url"`
    Username string        `json:"username"`
    Password string        `json:"password"`
    Cookies  []SavedCookie `json:"cookies,omitempty"`
}
...
return os.WriteFile(ConfigPath(), data, 0600)

Recommendation

Use a safer credential flow such as OAuth/API tokens or the OS keychain, avoid storing the raw password, clearly declare the credential requirement in metadata, and provide a documented way to clear saved sessions.

What this means

Running debug-login could expose credentials or login assertions in terminal output or temporary files on the local machine.

Why it was flagged

In debug login mode, the code masks Ecom_Password but not the base64-encoded password field itesm64, and it writes the login/SAML response HTML to /tmp with mode 0644. These debug artifacts may contain sensitive authentication material.

Skill content

form.Set("itesm64", encodedPassword)
...
if k == "Ecom_Password" { val = "***" }
...
c.debugf("    %s = %s", k, val)
...
os.WriteFile("/tmp/canvas_step3.html", postBody, 0644)

Recommendation

Mask all credential-equivalent fields, avoid writing SAML/login responses to shared temporary locations, use restrictive temporary files, and document any debug artifacts clearly.

What this means

A mistaken or autonomous agent invocation could post a discussion reply or submit coursework under the user's identity.

Why it was flagged

The discussion reply command posts directly to Canvas when invoked. The skill also advertises submission commands, but the provided instructions do not require an explicit confirmation step before mutating the user's academic account.

Skill content

data, err := client.POST(fmt.Sprintf("/courses/%s/discussion_topics/%s/entries", courseID, topicID), form)

Recommendation

Make read-only behavior the default for agents, require explicit user confirmation before posting or submitting, and document write actions as high-impact.

What this means

Users have less ability to verify the origin, updates, or maintenance history of a tool that will handle their Canvas login.

Why it was flagged

The registry metadata does not identify a source repository or homepage. That does not show malicious behavior, but it reduces provenance assurance for software that handles account credentials.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only from a trusted source, verify the code before building, and prefer packages with clear repository, release, and maintainer information.