Classlink

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ClassLink integration that uses Membrane for authentication and API access, with a notable caution around broad raw API requests.

Install this only if you intend to let an agent work with ClassLink through Membrane. Prefer built-in Membrane actions, start with read-only discovery, and require explicit user approval before any POST, PUT, PATCH, or DELETE request that could change rosters, apps, access, or other ClassLink records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The skill description is broad enough that an orchestrator could invoke it for vague ClassLink-related mentions, increasing the chance of unnecessary access to sensitive school SSO or roster data. In this context, over-broad triggering is more dangerous because ClassLink commonly exposes student, teacher, and application-management data, so accidental invocation could lead to unintended queries or changes.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill documents a generic proxy request mechanism supporting POST, PUT, PATCH, and DELETE without guardrails, confirmation requirements, or warnings about destructive effects. Because this integration targets ClassLink and related educational records, an agent could issue unsafe direct API calls that modify or delete data, potentially impacting student rosters, apps, or access control.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal