canvas-lms
Audited by Socket on Feb 20, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

Analysis: No directly malicious code is present in the instruction text itself, and the requested permissions (Canvas base URL and API token) match the stated purpose. However, the instructions require running remote code via `npx @imazhar101/mcp-canvas-server` and adding an MCP connector, without stating where the connector runs or how the token is stored. Together these create a supply-chain and credential-exposure risk: an unpinned npx package is whatever the registry serves at the moment of execution, and a token passed on the command line is visible in shell history and process listings.

Recommendations: avoid copying tokens into inline commands; download and audit the npx package source before executing it; pin an exact package version or use a vetted local installer; and verify that the MCP connector runs locally and does not forward the token to third-party infrastructure.

Verdict: given these issues, label the artifact suspicious (supply-chain/credential risk) rather than clearly malicious.

LLM verification: No directly malicious code is present in the SKILL.md content itself. However, the skill instructs users to run a third-party npx package (@imazhar101/mcp-canvas-server) and to pass their Canvas API token into that process. That pattern introduces a significant supply-chain/trust risk: the remotely fetched package could access or exfiltrate the token or Canvas data. The functionality requested (API token and base URL) is appropriate, but the execution/install method (npx unpinned remote package with
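The recommendations above, turned into a pre-flight script. This is an added example written for this page; it is not part of the Socket audit, the skill, or the @imazhar101/mcp-canvas-server package. The version `1.2.3` is a placeholder rather than a real release, the environment variable name `CANVAS_API_TOKEN` is an assumption about how the connector expects the token, and the package.json fixture and token file are constructed inline so the checks run offline; the one function that touches the network (`fetch_for_audit`) is defined but not invoked.

```shell
#!/bin/sh
# Pre-flight checks before launching an npx-fetched MCP connector.
# Added example, not code from the skill or the package it references.
# Fixtures below are constructed so the script runs offline.

# 1. Exact-version pin. Accepts "@scope/name@1.2.3" or "name@1.2.3"; rejects
#    bare names, dist-tags ("@latest") and ranges ("@^1.2.3"), all of which let
#    a later publish change what npx downloads and runs.
is_pinned() {
  rest=${1#@*/}                        # drop an optional "@scope/" prefix
  case "$rest" in
    *@[0-9]*.[0-9]*.[0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# 2. Token on the command line. Any argument carrying the token lands in shell
#    history and in `ps` output readable by every local user.
has_inline_token() {
  for arg in "$@"; do
    case "$arg" in
      *TOKEN=?*|--token=?*|--api-token=?*) return 0 ;;
    esac
  done
  return 1
}

# 3. Token file permissions. The token should be read from an owner-only file
#    into the connector's environment. Parses the mode column of `ls -ld`,
#    which is stable across GNU and BSD ls.
token_file_is_private() {
  [ -f "$1" ] || return 1
  mode=$(ls -ld "$1" | cut -c5-10)     # group and other permission bits
  case "$mode" in
    *[rwx]*) return 1 ;;
    *) return 0 ;;
  esac
}

# 4. Install-time scripts. npx runs preinstall/install/postinstall before the
#    connector ever starts, so a package declaring any of them needs a read.
#    A grep over package.json, not a JSON parser: a pre-flight, not a proof.
has_install_scripts() {
  pkgjson=$1/package.json
  [ -f "$pkgjson" ] || return 1
  grep -Eq '"(pre|post)?install"[[:space:]]*:' "$pkgjson"
}

# Fetch a package for inspection without executing it: `npm pack` only
# downloads the tarball, and nothing inside runs until it is installed.
# Needs the network, so it is not called in the demo below.
fetch_for_audit() {
  spec=$1; dir=$2
  mkdir -p "$dir" && cd "$dir" || return 1
  tarball=$(npm pack "$spec" 2>/dev/null) || return 1
  tar xzf "$tarball"                   # unpacks into ./package
}

# Constructed fixture: a package.json with a postinstall hook, standing in for
# whatever a real `npm pack` would unpack. Prints the directory path.
make_fixture() {
  d=$(mktemp -d) || return 1
  cat > "$d/package.json" <<'EOF'
{ "name": "fixture", "version": "0.0.0",
  "scripts": { "postinstall": "node setup.js" } }
EOF
  printf '%s\n' "$d"
}

# Constructed token file with owner-only permissions. Prints the file path.
make_token_file() {
  f=$(mktemp) || return 1
  chmod 600 "$f"
  printf '%s\n' 'placeholder-not-a-real-token' > "$f"
  printf '%s\n' "$f"
}

# Demo run. "1.2.3" is a placeholder version, not a real release.
spec='@imazhar101/mcp-canvas-server@1.2.3'
fixture=$(make_fixture)
tokfile=$(make_token_file)
is_pinned "$spec"                          && echo "pinned:          $spec"
has_inline_token npx "$spec" --token=abc   && echo "inline token:    rejected"
token_file_is_private "$tokfile"           && echo "token file:      owner-only"
has_install_scripts "$fixture"             && echo "install scripts: present, read them first"
# Launch form once the checks pass: the token goes into the environment from
# the file and never appears on the command line (variable name assumed).
#   CANVAS_API_TOKEN=$(cat "$tokfile") npx "$spec"
rm -rf "$fixture" "$tokfile"
```

The checks are deliberately conservative: `is_pinned` refuses anything short of an exact x.y.z so the audited tarball and the launched one are the same bytes, and `has_install_scripts` is the first thing to read in the unpacked `package/` directory because those hooks execute before any connector logic. Whether the connector itself runs locally cannot be decided from the invocation alone; confirm it from the unpacked source (the server should bind a local transport and call only the configured Canvas base URL).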