Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Moodle Connector

v2.0.0

Moodle REST API client, batch downloader, and MCP server for Claude Code integration. SSO-enabled with support for Azure AD, Google, and SAML.

by Jabir Iliyas Suraj-Deen @jabir-srj
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The files implement a Moodle REST client, SSO flows, batch downloader, and an MCP server — which matches the skill name/description. However the registry metadata declares no required env vars or primary credential while the SKILL.md and code require SSO client secrets and an encryption password (MOODLE_CRED_PASSWORD). That mismatch is unexpected and reduces confidence in the metadata.
! Instruction Scope
SKILL.md instructs installing Playwright and running browser-based SSO, storing an encryption password in claude_desktop_config.json, and putting tokens in config.json. The code will drive a browser, make network calls to Moodle and Microsoft login endpoints, save encrypted credentials to disk, and can be run as an MCP server. Instructions also recommend placing the encryption password in a config file (plaintext) — this exposes the key used to decrypt stored credentials. There are no instructions to avoid leaking that password, and the README suggests automation (Tampermonkey/CI) that could persist credentials.
Install Mechanism
There is no platform install spec in the registry (instruction-only), but package.json and SKILL.md instruct using pip and Playwright. Dependencies come from PyPI (requests, cryptography, playwright, mcp) and Playwright will fetch browser binaries. This is expected for a browser-driven SSO tool but does perform network downloads at install-time; no obscure or remote single-file download URLs were used.
! Credentials
The skill legitimately needs SSO client IDs/secrets and an encryption password, and the SKILL.md documents these env vars. However the registry lists no required env vars. More importantly: (1) the code and SKILL.md encourage storing the encryption password in claude_desktop_config.json (plaintext), (2) config.json is used to store the Moodle web_service_token in plaintext, and (3) multiple places use a default/hard-coded password 'test-pass' (mcp_server.py and batch_downloader.py), which is insecure and inconsistent with SKILL.md's MOODLE_CRED_PASSWORD guidance. These practices increase the risk of credential exposure.
Persistence & Privilege
The skill is not force-included (always:false) and does not request system-wide privileges. The MCP server runs over stdio and does not modify other skills' configurations. Autonomous invocation (disable-model-invocation:false) is the platform default and is not by itself flagged. The main concern is user-provided configuration that may persist secrets.
What to consider before installing
This skill appears to implement the advertised Moodle features but has several red flags you should address before using it with real credentials:

1) The registry metadata lists no required env vars but the SKILL.md and code require SSO client IDs/secrets and an encryption password — assume you must supply them.
2) Do NOT store MOODLE_CRED_PASSWORD or client secrets in plaintext config files (the README currently suggests adding them to claude_desktop_config.json); instead provide them via a secure secret store or prompt at runtime.
3) The code includes insecure defaults: mcp_server.py and batch_downloader.py use a hard-coded 'test-pass' password which will fail to decrypt real credentials and is a security risk if left in production. Change/remove hard-coded defaults.
4) config.json can hold a Moodle web_service_token in plaintext — prefer encrypted storage or environment-based injection.
5) There is at least one obvious bug: batch_downloader.py uses os.getenv but does not import os (will crash).
6) Playwright will download browser binaries at install time — review network activity and run in an isolated environment if you test.
7) The source is listed as unknown/homepage none in the registry snapshot; verify the upstream repository and author before trusting or running.

Recommended actions: review the code yourself (or have a developer do so), remove hard-coded passwords, avoid putting secrets into persistent plaintext config, test in a sandbox container, and only then run with real credentials.

Like a lobster shell, security has layers — review code before you run it.
