Wilma
Pass
Audited by ClawScan on May 10, 2026.
Overview
This looks like a legitimate Wilma school-system reader, but it uses stored login/MFA data and can expose sensitive student records to the agent.
Install this only if you trust the Wilma CLI package and want the agent to read Wilma data. Use explicit --student and date filters, avoid --all-students unless needed, protect ~/.config/wilmai/config.json, and be cautious with TOTP secrets and generated summaries.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent able to use this configured CLI may be able to read the associated Wilma account's student information.
The skill relies on local Wilma authentication material, including optional stored MFA seed material, to access the user's school account.
“This stores Wilma session credentials for accessing student data.” / “Save TOTP secret for automatic login”
Use it only on a trusted machine, protect the config file, avoid pasting TOTP secrets into shared chats or logs, and clear the Wilma config when access is no longer needed.
Sensitive student information could be summarized, copied, or retained in conversation history depending on the agent environment.
The retrieved Wilma data can include private educational records, messages, attendance notes, and grades that will enter the agent's working context and outputs.
“Fetch schedules, homework, exams, grades, attendance/lesson notes (merkinnät), messages, and news”
Limit requests to the needed student and date range, avoid --all-students unless necessary, and do not share generated summaries outside the intended audience.
The installed CLI is trusted with school login material and student data, so package provenance matters.
The main runtime is an external npm CLI package rather than code fully included in the artifact set; the provided metadata also lists the source as unknown and homepage as none.
“node | package: @wilm-ai/wilma-cli | creates binaries: wilma”
Verify the npm package and maintainer before installing, consider pinning a known version, and review updates before running them.
If this helper were run from an unexpected directory without the expected binary installed, it could execute unintended local JavaScript.
The wrapper has a fallback that executes a Node script relative to the current working directory if the wilma/wilmai binaries are missing.
node "$(pwd)/packages/wilma-cli/dist/index.js" "$@"
Prefer the installed wilma binary; maintainers should remove this fallback or make it script-directory-relative and packaged with reviewed code.
