Security audit

Moodle Student Sync

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uses a Moodle token to fetch student course, grade, deadline, file, and notification data, with no evidence of hidden or destructive behavior.

Install only if you intend to let the skill access your Moodle account. Use a least-privilege Moodle token if available, keep MOODLE_TOKEN out of shared logs and screenshots, prefer HTTPS for MOODLE_URL, and store any exported reports in a private location.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill clearly requires sensitive capabilities: network access to a Moodle instance, environment access to retrieve MOODLE_TOKEN, and likely file output for generated reports or sync snapshots, but it does not declare explicit permissions beyond compatibility metadata. This creates a transparency and governance gap: users or orchestrators may invoke a skill that can access private academic data and write outputs without a clear permission contract.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The README instructs users to supply a Moodle web service token and sync academic data, but it does not warn that the token is sensitive or that synced data may include private student information such as grades, deadlines, course files, and announcements. This increases the likelihood of insecure handling, accidental disclosure in shells, logs, screenshots, or packaged artifacts, and misuse of a broadly scoped token.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The invocation guidance says to use the skill for study planning or daily academic digests even when the user does not explicitly mention Moodle, which can cause over-broad triggering. In practice, that can lead the agent to access Moodle-backed private data such as grades, deadlines, and notifications when the user may only be asking for generic planning help.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill description does not warn that it accesses private educational records, including grades, deadlines, files, and notifications, using an authenticated Moodle token. Because this is student data that may be sensitive or regulated, lack of disclosure undermines informed consent and increases the risk of unexpected data access or over-collection.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal