Digiforma

Review

Audited by ClawScan on May 10, 2026.

Overview

This looks like a straightforward Digiforma API query guide, but it uses a Digiforma bearer token and can retrieve trainee, trainer, and invoice data.

Before installing, confirm you trust this instruction-only skill, provide only an appropriately scoped Digiforma API key, and use it for specific authorized queries because outputs may include trainee contact details and invoice information.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the token has broad permissions, the agent may be able to read sensitive Digiforma business records and personal contact data.

Why it was flagged

The skill relies on a Digiforma API token, so its access depends on the permissions associated with that token.

Skill content

All requests use Bearer token auth. The API key is stored in environment variable `DIGIFORMA_API_KEY`.

Recommendation

Use the least-privileged or read-only Digiforma API key available, store it securely, and avoid sharing outputs that contain personal or financial data.

What this means

A vague user request could lead to broader data retrieval than intended, such as listing many trainees or invoices.

Why it was flagged

The skill instructs the agent to make raw GraphQL API requests using curl. This is expected for the purpose, but it gives flexible query capability.

Skill content

Use curl: curl -s -X POST https://app.digiforma.com/api/v1/graphql ... -d '{"query": "YOUR_GRAPHQL_QUERY"}'

Recommendation

Ask for specific, read-only queries and review broad exports before using or sharing the results.

What this means

Results may contain personal data and business financial information from Digiforma.

Why it was flagged

The documented queries access personal trainee contact information and invoice details.

Skill content

{ trainees(perPage: 20, page: 1) { items { id firstName lastName email phone } ... } } ... { invoices(perPage: 20, page: 1) { items { id number amount status dueDate company { name } } ... } }

Recommendation

Only run queries for users who are authorized to view the requested Digiforma records, and minimize unnecessary fields such as phone numbers or invoice amounts.