Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
BilimClass
v1.1.0
Access BilimClass school platform (Kazakhstan) for schedule, homework, grades, and diary via API. Triggers on schedule/raspisanie/расписание, homework/domash...
⭐ 1 · 29 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, README, SKILL.md, and the script all align: the skill reads a local OpenClaw .env.json entry and calls BilimClass schedule and journal APIs. However, registry metadata (no required env/config) does not match the SKILL.md's explicit requirement of ~/.openclaw/.env.json; that mismatch should be clarified.
Instruction Scope
Instructions ask you to extract sensitive tokens (localStorage.token and an Authorization header) via browser DevTools and store them in ~/.openclaw/.env.json — this is expected for an unofficial client but is inherently sensitive. Additionally, a pre-scan flagged 'unicode-control-chars' in SKILL.md (prompt‑injection pattern), which could be used to hide or manipulate text; the presence of such characters in the runtime instructions is suspicious and should be examined (open SKILL.md in a hex/clean-text viewer).
Install Mechanism
Instruction-only skill plus a Python script; no install spec/downloading of arbitrary archives. Requires Python requests (checked at runtime). No remote install URLs or extracted archives were found.
Credentials
The skill requests a set of BilimClass-specific tokens and IDs (token, journalToken, schoolId, eduYear, userId, studentSchoolUuid, studentGroups). These are proportional to the stated purpose. Note: registry-level metadata didn't list these requirements, but SKILL.md explicitly requires the ~/.openclaw/.env.json file with these fields. Tokens are long‑lived (main token ~1 year) — storing them in a file increases risk if the file isn't protected.
Persistence & Privilege
The skill does not request always:true, does not attempt to modify other skills or system settings, and only reads a local OpenClaw .env.json. No elevated persistence or cross-skill config changes detected.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contained unicode control characters according to the pre-scan. These are not necessary to implement an API client and can be used to hide or obfuscate content or perform prompt injection. Inspect the SKILL.md and README for zero-width or control characters before trusting the instructions.
What to consider before installing
This skill appears to be an unofficial BilimClass client that needs your BilimClass JWTs and account IDs stored in ~/.openclaw/.env.json. That is coherent with its purpose, but do the following before installing:
1) Inspect the SKILL.md and scripts/bilimclass.py in a plain-text/hex editor for hidden (zero-width) characters or unexpected instructions (pre-scan flagged unicode control chars).
2) Only provide tokens if you trust the code — these JWTs grant access to your BilimClass account; the main token is long-lived.
3) Keep ~/.openclaw/.env.json private (file permissions 600) and ensure it is gitignored.
4) Confirm the script only calls the two BilimClass endpoints shown (api.bilimclass.kz and journal-service.bilimclass.kz) — no other external hosts should appear.
5) If unsure, run the Python script locally without installing as a skill and observe network calls (use a network monitor or sandbox) before enabling as an OpenClaw skill.
6) Ask the publisher to fix the metadata mismatch (registry vs SKILL.md) and explain why unicode control chars are present; absence of a clear explanation increases risk.

Like a lobster shell, security has layers — review code before you run it.
latest: vk972xcsrq6n63h31hzvp9wj655849jea
Runtime requirements: 📚 Clawdis
