
Security audit

Canvas LMS IDP Auto Token Refresh

Security checks across malware telemetry and agentic risk

Overview

This skill appears built for Canvas token refresh, but it handles institutional passwords and leaves sensitive token/session artifacts on disk by default.

Install only if you intentionally want this tool to use your institutional SSO password to create Canvas API tokens. Keep .env and token files outside repositories, restrict file permissions, delete or protect debug_output after every run, use cleanup-dry-run before deleting old tokens, and prefer institution-approved OAuth or scoped service-account flows if available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Severity
Medium
Confidence
93%
Finding
The skill’s invocation text explicitly encourages use for 'any Canvas LMS deployment behind an institutional SSO,' even though the flow is tailored to a specific CAS/SAML + RSA-password-login pattern. Overly broad triggers can cause an agent to apply credential-replay automation in environments it was not validated for, increasing the chance of mishandling credentials, breaking authentication flows, or performing unauthorized login/token operations against third-party institutional systems.

Missing User Warnings

Severity
Medium
Confidence
91%
Finding
The documentation promotes automatic cleanup of old tokens by purpose as part of the standard flow, but does not provide a strong warning that this is a destructive action that can revoke active credentials used by other tools or sessions. In a shared or multi-automation environment, this can cause unintended denial of service, account access disruption, or removal of audit-relevant tokens.
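A safe way to run the cleanup this finding describes, as an added example rather than the skill's own code: a planner that is dry-run by default, matches the purpose string exactly (no substring matching), never revokes the token the current session is using, keeps the newest tokens, and leaves alone anything used recently because that is probably another tool or session. The token record fields (id, purpose, created_at, last_used_at), the sample records and the `delete_fn` callback are assumptions about the listing and revocation calls the real tool makes.

```python
"""Dry-run-by-default cleanup of Canvas API tokens selected by purpose.

Added example; this is not the skill's own cleanup code. The token record
shape (id, purpose, created_at, last_used_at) and the delete callback are
assumptions: adapt them to whatever listing and revocation calls the
real tool makes.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample of token records, as a listing call might return them.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_TOKENS = [
    {"id": 101, "purpose": "canvas-sync", "created_at": "2024-01-10T09:00:00+00:00",
     "last_used_at": "2024-04-01T08:00:00+00:00"},
    {"id": 102, "purpose": "canvas-sync", "created_at": "2024-03-15T09:00:00+00:00",
     "last_used_at": None},
    {"id": 103, "purpose": "canvas-sync", "created_at": "2024-05-20T09:00:00+00:00",
     "last_used_at": "2024-05-21T08:00:00+00:00"},  # the token this run created/uses
    {"id": 104, "purpose": "canvas-sync-ci", "created_at": "2024-02-01T09:00:00+00:00",
     "last_used_at": "2024-05-21T07:00:00+00:00"},  # different purpose: must not match
    {"id": 105, "purpose": "gradebook-export", "created_at": "2024-04-01T09:00:00+00:00",
     "last_used_at": None},
    {"id": 106, "purpose": "canvas-sync", "created_at": "2023-12-01T09:00:00+00:00",
     "last_used_at": "2024-05-30T12:00:00+00:00"},  # old, but something still uses it
]


def _ts(value):
    return datetime.fromisoformat(value) if value else None


def plan_cleanup(tokens, purpose, current_token_id,
                 keep_newest=1, recently_used_days=30, now=None):
    """Decide which tokens a cleanup would revoke, without revoking anything.

    Rules: exact purpose match only (no substring matching); never the token
    the current session is using; keep the newest `keep_newest` others; and
    keep anything used within `recently_used_days`, since that is probably
    another tool or session that would break if the token were revoked.
    """
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=recently_used_days)
    keep, candidates = {}, []
    for tok in tokens:
        if tok["purpose"] != purpose:
            continue
        if tok["id"] == current_token_id:
            keep[tok["id"]] = "token used by this session"
            continue
        candidates.append(tok)
    candidates.sort(key=lambda t: _ts(t["created_at"]), reverse=True)
    for tok in candidates[:keep_newest]:
        keep[tok["id"]] = f"among the {keep_newest} newest for this purpose"
    delete = []
    for tok in candidates[keep_newest:]:
        last = _ts(tok.get("last_used_at"))
        if last is not None and last >= cutoff:
            keep[tok["id"]] = f"used within {recently_used_days} days, likely another tool"
        else:
            delete.append(tok["id"])
    return {"delete": delete, "keep": keep}


def run_cleanup(tokens, purpose, current_token_id, delete_fn, dry_run=True, **rules):
    """Apply the plan. Only calls delete_fn(token_id) when dry_run is False.

    Returns (plan, deleted_ids). delete_fn is an assumed callback wrapping the
    real revocation call; it should return True on success.
    """
    plan = plan_cleanup(tokens, purpose, current_token_id, **rules)
    if dry_run:
        return plan, []
    deleted = [tid for tid in plan["delete"] if delete_fn(tid)]
    return plan, deleted


if __name__ == "__main__":
    plan, _ = run_cleanup(SAMPLE_TOKENS, "canvas-sync", 103, lambda tid: True, now=NOW)
    print("would delete:", plan["delete"])
    for tid, why in plan["keep"].items():
        print(f"keep {tid}: {why}")
```

The point of returning the plan with a reason per kept token is that the operator sees why a revocation was skipped; the "used within N days" rule is the one that protects other automations sharing the account, and the exact-match rule is what keeps `canvas-sync-ci` out of a `canvas-sync` cleanup.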

Missing User Warnings

Severity
Medium
Confidence
98%
Finding
The script writes raw response bodies, authentication workflow data, token creation responses, and cookie data to local files in a predictable debug directory. Even though cookie values are masked in one helper, other dumped artifacts may contain login tokens, CSRF values, account data, or newly created API tokens, creating a substantial local secret exposure risk if the machine, workspace, or logs are accessible to others.
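The hardened counterpart of what this finding describes, as an added example and not the skill's own debug helper: redact bearer tokens, cookie headers, CSRF and CAS hidden-field values and secret-looking JSON keys before anything is written, and create the debug directory and files with owner-only permissions. The key names and the Canvas/CAS field patterns are assumptions about what this kind of login and token-creation flow dumps; the sample token response and raw HTTP text are constructed.

```python
"""Redact secrets from debug artifacts before they touch disk, and write
them with owner-only permissions.

Added example; not the skill's own debug helper. The key names and the
Canvas/CAS-specific patterns (visible_token, authenticity_token, CAS
lt/execution fields, Bearer headers, cookies) are assumptions about what
this kind of login and token-creation flow dumps.
"""
import json
import os
import re
import stat
import tempfile
from pathlib import Path

MASK = "[REDACTED]"
SECRET_KEYS = {"token", "access_token", "visible_token", "authenticity_token",
               "password", "cookie", "set-cookie", "authorization", "session"}
BEARER_RE = re.compile(r"(?i)\bBearer\s+[A-Za-z0-9~._\-]+")
COOKIE_RE = re.compile(r"(?i)\b(set-cookie:\s*|cookie:\s*)([^\r\n]+)")
HIDDEN_RE = re.compile(
    r'(?i)(name="(?:authenticity_token|lt|execution|_csrf)"[^>]*value=")([^"]*)(")')


def redact_text(text):
    """Mask bearer tokens, cookie headers and CSRF/CAS hidden-field values."""
    text = BEARER_RE.sub("Bearer " + MASK, text)
    text = COOKIE_RE.sub(lambda m: m.group(1) + MASK, text)
    text = HIDDEN_RE.sub(lambda m: m.group(1) + MASK + m.group(3), text)
    return text


def redact_json(obj):
    """Mask values under secret-looking keys anywhere in a decoded JSON body."""
    if isinstance(obj, dict):
        return {k: (MASK if k.lower() in SECRET_KEYS else redact_json(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_json(v) for v in obj]
    if isinstance(obj, str):
        return redact_text(obj)
    return obj


def write_debug_artifact(debug_dir, name, payload):
    """Write a redacted artifact to debug_dir/name, readable only by the owner."""
    d = Path(debug_dir)
    d.mkdir(mode=0o700, parents=True, exist_ok=True)
    os.chmod(d, stat.S_IRWXU)  # also tightens a directory that already existed
    if isinstance(payload, (dict, list)):
        data = json.dumps(redact_json(payload), indent=2)
    else:
        data = redact_text(payload)
    path = d / name
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    os.chmod(path, 0o600)  # the O_CREAT mode is ignored if the file pre-existed
    return path


def artifact_mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)


# Constructed samples in the shape this kind of flow dumps (not real data).
SAMPLE_TOKEN_RESPONSE = {
    "id": 77, "purpose": "canvas-sync",
    "visible_token": "1234~ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
    "user": {"id": 5, "name": "Example Student"},
}
SAMPLE_RAW_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Set-Cookie: _normandy_session=abc123; Path=/; HttpOnly\r\n"
    "Authorization: Bearer 1234~secretsecretsecret\r\n\r\n"
    '<input type="hidden" name="authenticity_token" value="csrf-xyz">'
    '<input type="hidden" name="lt" value="LT-42-example">'
)


def write_samples(debug_dir=None):
    """Write both samples (to a temp dir by default) and return their paths."""
    debug_dir = debug_dir or tempfile.mkdtemp(prefix="debug_output_")
    return (write_debug_artifact(debug_dir, "token_create.json", SAMPLE_TOKEN_RESPONSE),
            write_debug_artifact(debug_dir, "login_step.http", SAMPLE_RAW_RESPONSE))
```

Redaction by key name is the reliable part: a newly created token sits under a known key in the creation response, so masking `visible_token` catches it regardless of format. The regex pass is the fallback for raw bodies and headers. Restrictive permissions are set at open time rather than with a later chmod alone, so there is no window in which the file is world-readable; the explicit chmod only covers files that already existed.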

Unpinned Dependencies (four findings, one per requirement line, reported once here)

Severity
Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
pycryptodome>=3.20.0
python-dotenv>=1.0.1
Confidence
95%
Finding
All four requirements (requests, beautifulsoup4, pycryptodome, python-dotenv) use only a lower bound, so a fresh install resolves to the newest release on the index at install time rather than the versions the author tested against. A compromised or malicious release published later would be pulled in automatically, and with no --hash entries a substituted artifact for an existing version would go undetected. Pin exact versions (==) and add hashes generated from the releases you have reviewed, then upgrade deliberately.
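The check a reviewer would run over these lines, as an added example that is not part of the skill: it reports every requirement whose specifier is a range rather than an exact pin and, with `require_hash=True`, exact pins that carry no `--hash`. The requirement text is copied from the finding; the hashed example line uses a dummy hash constructed for the check, and the parser handles the common requirements.txt forms rather than the full PEP 508 grammar.

```python
"""Audit a requirements file for specifiers that do not pin an exact version.

Added example; not part of the skill. It handles the requirements.txt forms
that matter for this check (version specifiers, --hash options, comments,
line continuations, environment markers) and reports URL references
separately; it is not a full PEP 508 parser.
"""
import re

REQ_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?P<spec>.*?)\s*$")

# The skill's requirements as listed in the finding (constructed copy).
SKILL_REQUIREMENTS = """\
requests>=2.31.0
beautifulsoup4>=4.12.0
pycryptodome>=3.20.0
python-dotenv>=1.0.1
"""

# What a reviewed, pinned line looks like. The hash is a dummy value
# constructed for the check; real ones come from `pip hash` or pip-compile.
PINNED_WITH_HASH = (
    "requests==2.31.0 \\\n"
    "    --hash=sha256:" + "0" * 64 + "\n"
)


def audit_requirements(text, require_hash=False):
    """Return [(name, problem)] for every requirement that is not an exact pin.

    With require_hash=True an exact pin without --hash is also reported, since
    a version number alone still trusts whatever the index serves for it.
    """
    findings = []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):      # blank, comment, -r/-e/--index-url
            continue
        if line.startswith(("http://", "https://", "git+", "file:")):
            findings.append((line, "direct URL reference, not a pinned release"))
            continue
        hashes = re.findall(r"--hash=(\S+)", line)
        line = re.sub(r"\s+--hash=\S+", "", line)
        line = line.split(";", 1)[0].strip()      # drop environment markers
        m = REQ_RE.match(line)
        if not m:
            findings.append((line, "unparseable requirement"))
            continue
        name, spec = m.group("name"), m.group("spec").replace(" ", "")
        if spec.startswith("@"):
            findings.append((name, "direct URL reference, not a pinned release"))
        elif not spec:
            findings.append((name, "no version specifier: resolves to latest at install time"))
        elif spec.startswith("==") and "," not in spec and not spec.endswith("*"):
            if require_hash and not hashes:
                findings.append((name, "exact pin but no --hash: index substitution undetected"))
        else:
            findings.append((name, f"range specifier {spec}: newest matching release wins"))
    return findings


if __name__ == "__main__":
    for name, problem in audit_requirements(SKILL_REQUIREMENTS):
        print(f"{name}: {problem}")
```

Wildcard pins such as `==2.31.*` are treated as ranges on purpose: they float to the newest patch release, which is exactly the class of update a supply-chain pin is meant to rule out.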

VirusTotal

66 of 66 vendors reported this skill as clean; no vendor flagged it.


Static analysis

No suspicious patterns detected. Neither this result nor the VirusTotal verdict covers the findings above, which concern how the skill handles institutional credentials and where it leaves tokens on disk; those are design and configuration issues, not malware signatures.