Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Canvas Study Helper
v1.1.0
Monitors Canvas course announcements and assignments, downloads course files, and generates Markdown study notes and PDFs with support for Chinese text and mathematical formulas.
by Yuno Wang (@huaruoji)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The scripts and SKILL.md match the described purpose (announcements, assignments, file download, Markdown to PDF). However, the registry metadata declares no required binaries, environment variables, or config files, while the instructions and scripts clearly require curl, python3, jq, pandoc, and a TeX engine (xelatex) as well as a cookie file (~/.canvas_cookie). This metadata omission is an incoherence the user should be aware of.
Instruction Scope
Runtime instructions ask the user to extract Canvas session cookies and store them in plaintext (~/.canvas_cookie), and to start Chromium with remote debugging enabled (port 9222) to facilitate cookie extraction. Enabling a remote-debugging port and persisting session cookies are both sensitive actions: they can expose credentials to local processes and to anyone with access to that port or file. The scripts otherwise only call the institution's own Canvas API endpoints (no hidden remote endpoints).
Install Mechanism
There is no install spec (the skill is instruction-only, with included scripts), so it does not download or write remote code during install. That lowers install-time risk. However, the included scripts write temporary files and may create files under the user's home directory when run.
Credentials
The skill declares no required env vars or config paths, yet the scripts require and use a plaintext cookie file at ${HOME}/.canvas_cookie and rely on system binaries (curl, python3, jq, pandoc, texlive). The md2pdf.sh script references an absolute path (/home/yuno/.openclaw/...) which is external to this skill and suggests a leftover dependency or author-specific path — unexpected and incongruent with the stated metadata.
Persistence & Privilege
The skill is not marked always:true and does not attempt to modify other skills or system-wide configurations. Autonomous invocation is allowed by default but is not by itself a new risk here.
What to consider before installing
Things to check and actions to take before installing/running:
- Review and accept the trade-off of storing session cookies in plaintext: the scripts require you to put canvas_session and log_session_id into ~/.canvas_cookie. This file contains active session tokens; restrict its permissions (chmod 600), delete it when not needed, and avoid storing long-term credentials there. Prefer Canvas API tokens if your institution allows them.
- Be cautious about enabling Chromium remote debugging (port 9222). Any local process (or attacker with local access) can control the browser/CDP and potentially extract cookies or run JS in pages. Only run this on a machine you trust and stop the browser when finished.
- The registry metadata is incomplete: the skill actually depends on curl, python3, jq, pandoc and a TeX engine (xelatex / texlive-xetex / texlive-xecjk). Make sure these are installed from trusted sources before running the scripts.
- The md2pdf.sh references an absolute author-specific path (/home/yuno/.openclaw/...). That path may be missing or point to another skill — inspect the script and either provide a safe CJK header or let the fallback generate one. Do not run the script until you understand where it reads header files from.
- Inspect scripts line-by-line (they are shell scripts) for any commands you do not expect; the scripts will run shell commands (curl, pkill, rm) — avoid running them as root.
- Operational hygiene: configure COURSE_IDS and CANVAS_DOMAIN yourself, run with a throwaway or ephemeral session where possible, and remove temp files after use. Consider sandboxing (VM) if you are unsure.
What would change this assessment: if the publisher updates the package metadata to declare the required binaries and the cookie file usage, removes or documents the hard-coded /home/yuno path, and provides a safer, documented method for authentication (e.g., an OAuth/token-based flow, or an automated but secure CDP extraction that does not persist credentials), this would reduce the incoherence and increase confidence that the skill is benign.
Latest version id: vk975j07ty2f0bb5z2wrd1m24x9825g04
