Ohio State API
Pass. Audited by ClawScan on May 1, 2026.
Overview
The skill appears to be a read-only helper for public Ohio State data, with the main user-visible risks being optional npm/MCP setup and outbound requests to OSU public APIs.
This looks safe for public OSU data lookups. Before installing the optional MCP server, be comfortable with running npm install/build, and keep usage focused on public content.osu.edu API data.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may retrieve and summarize public OSU API data, including directory or campus service results, when asked.
The skill directs the agent/user to make outbound HTTP requests and expose API results as tool output. This is expected for the stated public OSU data purpose and is scoped in examples to content.osu.edu.
Use the bundled fetch helper to pull JSON from OSU Content APIs... `curl -sS -H 'accept: application/json' 'https://content.osu.edu/v2/api/v1/dining/locations'`
Use the skill for intended OSU public-data lookups and review raw results before relying on them for important decisions.
If you choose the MCP server option, your system will install npm packages needed to run the local server.
The optional MCP server setup asks the user to install Node dependencies and build local code. This is disclosed and purpose-aligned, but it introduces normal package-supply-chain considerations.
Build it: `cd ohio-state-api/mcp-server && npm install && npm run build`
Install from a trusted copy of the skill, review package.json/lockfile if desired, and prefer reproducible installs when configuring the MCP server.
