Oathe Security Badge

Is Acogkr/hoseo-lms safe?

https://clawhub.ai/Acogkr/hoseo-lms

85
SAFE

This skill appears to be a legitimate educational tool for Hoseo University students to manage LMS interactions, including course data aggregation and automated video lecture viewing. While it handles sensitive credentials and automates attendance tracking, no malicious security behavior was detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (3)

MEDIUM Local Credential Storage -25

The skill requires university LMS credentials (student ID and password) and stores them as plaintext JSON at ~/.config/hoseo_lms/credentials.json. The credentials serve a legitimate authentication purpose, but this is still sensitive data handling.

LOW Automated Attendance Tracking -25

The auto_attend.py module automates video lecture viewing to fulfill attendance requirements, which may violate university academic integrity policies regarding authentic participation.

LOW Browser Automation Dependency -10

The skill uses Playwright for browser automation, a powerful tool that could be repurposed for other activities, though the current usage appears legitimate.