Ohio State API
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: ohio-state-api Version: 0.1.0 The skill bundle is designed to fetch public data from The Ohio State University Content APIs. All network requests in the `osu-fetch.mjs` script and the MCP server TypeScript files (`mcp-server/src/*.ts`) are strictly confined to `https://content.osu.edu`. There is no evidence of data exfiltration, malicious command execution, persistence mechanisms, or prompt injection attempts against the agent. The `SKILL.md` and `mcp-server/README.md` provide clear, benign instructions for using the skill, and the `pnpm-lock.yaml` ensures dependency integrity.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may retrieve and summarize public OSU API data, including directory or campus service results, when asked.
The skill directs the agent/user to make outbound HTTP requests and expose API results as tool output. This is expected for the stated public OSU data purpose and is scoped in examples to content.osu.edu.
Use the bundled fetch helper to pull JSON from OSU Content APIs... `curl -sS -H 'accept: application/json' 'https://content.osu.edu/v2/api/v1/dining/locations'`
Use the skill for intended OSU public-data lookups and review raw results before relying on them for important decisions.
If you choose the MCP server option, your system will install npm packages needed to run the local server.
The optional MCP server setup asks the user to install Node dependencies and build local code. This is disclosed and purpose-aligned, but it introduces normal package-supply-chain considerations.
Build it: - `cd ohio-state-api/mcp-server && npm install && npm run build`
Install from a trusted copy of the skill, review package.json/lockfile if desired, and prefer reproducible installs when configuring the MCP server.