Back to skill

Security audit

CanvasCLI

Security checks across malware telemetry and agentic risk

Overview

This Canvas CLI is mostly purpose-aligned, but it handles Canvas passwords and reusable login sessions in ways users should review carefully before installing.

Install only on a trusted single-user machine, avoid running debug-login unless you can protect and delete the /tmp debug files, and understand that anyone who obtains ~/.canvas-cli/config.json may be able to access your Canvas account or reuse your session. Prefer a version that uses an OS keychain or scoped token storage and provides a clear logout/session-clear command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The setup prompt tells users their login credentials will be stored locally, but the config schema also supports persisting session cookies in the same file. That creates a misleading disclosure boundary: users may believe only username/password are stored, while reusable authenticated session material may also be written to disk and later exposed through local compromise, backups, or accidental sharing.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly documents storing the user's Canvas password and session cookies in a local config file, which normalizes a credential-handling pattern that can expose account access if the host is compromised, backups are leaked, or file permissions are misapplied. Even with 0600 permissions, plaintext secrets at rest materially increase risk because the password and reusable session tokens can be stolen without needing MFA again.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly notes that session cookies are saved after first login and reused without TOTP until expiry, but it does not present this as a security/privacy warning or describe the risks of local session theft. Cached authenticated sessions on disk can let another local user, malware, or backup/log leakage access the user's Canvas account without needing credentials or MFA, especially on shared or unmanaged systems.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
When debug mode is enabled, the client writes full HTML login pages and intermediate SSO responses to predictable files under /tmp and logs cookie values. Those artifacts can contain session tokens, hidden SAML fields, usernames, and other authentication data, which may be readable by other local users or recovered later from disk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The client persists live session cookies into configuration for reuse without any disclosure, consent, encryption, or apparent OS-backed secret storage. Anyone who can read that config can replay the session and impersonate the user until the cookies expire or are revoked.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This code collects a Canvas username and password and stores them in plaintext JSON on disk, and the same config structure can also persist session cookies. Even with restrictive file permissions, plaintext secrets at rest materially increase the risk of account compromise from local malware, shared machines, backups, sync tools, or accidental disclosure.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal