ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Coursera Progress

v0.1.0

Fetch and display Coursera course enrollment, completion progress, grades, certificates, and upcoming deadlines using the Coursera API. Use this skill whenev...

0· 105·0 current·0 all-time
byThe Mooorish@elmoorish

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for elmoorish/coursera-progress.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Coursera Progress" (elmoorish/coursera-progress) from ClawHub.
Skill page: https://clawhub.ai/elmoorish/coursera-progress
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: [object Object]
Required binaries: curl, python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install coursera-progress

ClawHub CLI

Package manager switcher

npx clawhub@latest install coursera-progress
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the actions in SKILL.md: it uses curl/python3 to call Coursera API endpoints and requires Coursera API credentials for personal data. However, the registry metadata shown to you has a parsing error ('Required env vars: [object Object]...') which does not match the SKILL.md; also the registry lists no primary credential while the skill clearly needs client credentials or an access token.
!
Instruction Scope
The instructions are scoped to Coursera endpoints (api.coursera.com and coursera.org) and show explicit curl commands. But SKILL.md marks COURSERA_ACCESS_TOKEN as optional (public lookup path B), yet the provided Python helper unconditionally reads os.environ['COURSERA_ACCESS_TOKEN'] (will raise if unset). That is an inconsistency that could cause runtime errors or lead an agent to prompt for/pull a token unexpectedly. Otherwise the instructions do not reference unrelated files or unexpected external endpoints.
Install Mechanism
This is instruction-only: no install spec, no code files are written to disk. Required binaries (curl, python3) are reasonable and proportional to the task.
!
Credentials
The SKILL.md legitimately needs COURSERA_CLIENT_ID and COURSERA_CLIENT_SECRET (to exchange for a token) and may use COURSERA_ACCESS_TOKEN. That set is proportionate to the task. However the registry metadata presented to you is malformed (envs show '[object Object]' entries) and there is no declared primary credential; these metadata issues make it unclear what the platform will ask you to supply. Also the helper code assumes an access token exists even though the doc calls it optional.
Persistence & Privilege
The skill is not always-enabled and has no install actions; it does not request persistent system privileges or write configuration. Autonomous invocation is allowed (platform default) but not combined with other high-risk factors.
What to consider before installing
This skill's behavior (calling Coursera APIs with curl/python) is consistent with its description, but there are two issues to resolve before trusting it: (1) the registry metadata shown to you is corrupted — verify that the skill actually requests COURSERA_CLIENT_ID and COURSERA_CLIENT_SECRET (and whether COURSERA_ACCESS_TOKEN is required) in the installer UI; (2) the included Python helper assumes COURSERA_ACCESS_TOKEN is present even though the docs say it's optional, so the skill could prompt for or attempt to use a token unexpectedly. If you proceed, only provide credentials you intend to share: prefer using short-lived access tokens, review the token-exchange curl command before running it, and verify the only network endpoints contacted are api.coursera.com / coursera.org. If unsure, ask the skill author to fix the metadata and make the helper code check for the token before using it.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binscurl, python3
Env[object Object], [object Object], [object Object]
latestvk973z2dr8r473wbgqpqs8xj1vx83d90t
105downloads
0stars
1versions
Updated 1mo ago
v0.1.0
MIT-0
The Mooorish@elmoorish
latest
Download

Coursera Progress Skill

Fetch enrollment status, grades, deadlines, and certificates from Coursera via the Coursera REST API v1.

Authentication setup

Coursera uses OAuth 2.0. Two paths:

Path A — Personal access (for learners)

  1. Go to coursera.org/account/api → Generate key
  2. Note the Client ID and Client Secret
  3. Get a token (client credentials flow):
export COURSERA_CLIENT_ID="your_client_id"
export COURSERA_CLIENT_SECRET="your_client_secret"

COURSERA_ACCESS_TOKEN=$(curl -s -X POST \
  "https://api.coursera.com/oauth2/client_credentials/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=$COURSERA_CLIENT_ID&client_secret=$COURSERA_CLIENT_SECRET" \
  | python3 -c "import json,sys; print(json.load(sys.stdin)['access_token'])")

export COURSERA_ACCESS_TOKEN

Path B — Unofficial API (no key needed)

Coursera's public endpoints don't require auth for some queries. Use when the user hasn't set up credentials.

Base URL and headers

https://api.coursera.com/api

AUTH_HEADER="Authorization: Bearer $COURSERA_ACCESS_TOKEN"

Core API calls

Get enrollments for a user

# Get your own user ID first
curl -s "https://api.coursera.com/api/users/v1/me" \
  -H "$AUTH_HEADER"

# Then fetch enrollments
curl -s "https://api.coursera.com/api/enrollments.v1?userId=USER_ID&fields=courseId,enrolledAt,grade,completedAt,certificateCode" \
  -H "$AUTH_HEADER"

Get course details by ID

curl -s "https://api.coursera.com/api/courses.v1?ids=COURSE_ID_1,COURSE_ID_2&fields=name,slug,description,specializations" \
  -H "$AUTH_HEADER"

Get on-demand course progress

curl -s "https://api.coursera.com/api/onDemandCourseCompletions.v1?userId=USER_ID&courseId=COURSE_ID&fields=progressPercent,completedAt,grade" \
  -H "$AUTH_HEADER"

Get assignment deadlines

curl -s "https://api.coursera.com/api/onDemandDeadlineSchedules.v1?courseId=COURSE_ID&fields=deadlineSchedule,moduleIds" \
  -H "$AUTH_HEADER"

Get certificate info

curl -s "https://api.coursera.com/api/certificates.v1?userId=USER_ID&fields=courseId,issuedAt,verifyUrl,grade" \
  -H "$AUTH_HEADER"

Search for courses

curl -s "https://api.coursera.com/api/courses.v1?q=search&query=SEARCH_TERM&fields=name,slug,partnerIds,primaryLanguages" \
  -H "$AUTH_HEADER" \
  | python3 -m json.tool

Displaying results

Active enrollments summary:

Your Coursera Courses
─────────────────────────────────────────────────────
📚 Machine Learning Specialization (Stanford/DeepLearning.AI)
   Progress: 68% complete   Grade: 91.4%
   Next deadline: Mar 28 — Week 4 Programming Assignment

📚 Python for Everybody (University of Michigan)
   Progress: 100% ✅  Grade: 96.7%
   Certificate: Issued Jan 12, 2026
   Verify: https://coursera.org/verify/XXXX

📚 SQL for Data Science (UC Davis)
   Progress: 23%  Grade: —
   Next deadline: Apr 3 — Module 2 Quiz
─────────────────────────────────────────────────────
Certificates earned: 1   Active courses: 2

Upcoming deadlines:

Deadlines (next 14 days):
  Mar 28  Week 4 Programming Assignment  — Machine Learning
  Apr 3   Module 2 Quiz                 — SQL for Data Science
  Apr 10  Peer Review Submission        — Machine Learning

Without API credentials (public lookup)

For course search and public course info:

# Public course info (no auth)
curl -s "https://api.coursera.com/api/courses.v1?q=search&query=python&includes=instructors&fields=name,partnerIds,instructorIds,primaryLanguages,workload" \
  | python3 -m json.tool

For personal data (grades, certificates), credentials are required.

Python helper for parsing progress

import json, subprocess, os

def get_enrollments(user_id):
    token = os.environ["COURSERA_ACCESS_TOKEN"]
    r = subprocess.run(
        ["curl", "-s",
         f"https://api.coursera.com/api/enrollments.v1?userId={user_id}"
         f"&fields=courseId,enrolledAt,grade,completedAt,certificateCode",
         "-H", f"Authorization: Bearer {token}"],
        capture_output=True, text=True)
    return json.loads(r.stdout).get("elements", [])

def upcoming_deadlines(enrollments, days=14):
    from datetime import date, timedelta
    cutoff = (date.today() + timedelta(days=days)).isoformat()
    # Parse deadlines per course and filter by date
    ...

Error handling

ErrorMeaningFix
401 UnauthorizedToken expired or missingRe-run token generation step
403 ForbiddenScope missing on keyRegenerate API key with correct scopes
Empty elements arrayNo enrollments foundConfirm correct user ID
Rate limit (429)Too many requestsBack off 30s; Coursera is ~100 req/min

Comments

Loading comments...