ClawHub
Skill flagged β€” suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Magister 1

Fetch schedule, grades, and infractions from https://magister.net πŸ‡³πŸ‡± portal

MIT-0 Β· Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 19 · 0 current installs · 0 all-time installs
byAndrei Zaikin@ghuron
MIT-0
Security Scan
VirusTotalVirusTotal
Pending
View report β†’
OpenClawOpenClaw
Benign
high confidence
βœ“
Purpose & Capability
Name/description request node and MAGISTER_HOST/MAGISTER_USER/MAGISTER_PASSWORD which are exactly what's needed to authenticate and call the Magister APIs; no unrelated services or binaries are requested.
β„Ή
Instruction Scope
SKILL.md only instructs running the included CLI commands. The implementation does create a local token cache file (.token_cache.json) and performs OIDC flows against accounts.magister.net; the README does not mention the cache file, so users should be aware tokens will be stored locally.
βœ“
Install Mechanism
No install spec β€” instruction-only (plus included JS files). It relies on node being present; nothing is downloaded from external URLs or installed automatically.
βœ“
Credentials
Only MAGISTER_HOST, MAGISTER_USER, MAGISTER_PASSWORD are required, which are appropriate for logging into Magister. Test files reference optional .env file paths for running integration tests, but the main CLI does not parse those files itself.
β„Ή
Persistence & Privilege
The skill writes a .token_cache.json in the same directory to store access tokens (keyed by host:user). It does not request system-wide privileges, nor is always:true set, but users should note local persistence of tokens.
Assessment
This skill is coherent with its description: it needs your Magister host, username, and password to perform the OIDC login and call Magister APIs. If you install/use it, be aware it will create a .token_cache.json file beside the script containing access tokens (remove or restrict permissions if you have concerns). Only run the included tests if you trust the repository and you understand they may read .parent.env/.child.env files for credentials. Verify MAGISTER_HOST is correct and that you trust the accounts.magister.net domain before supplying credentials.
βœ—
magister.test.mjs:40
Shell command execution detected (child_process).
βœ—
magister.mjs:22
Environment variable access combined with network send.
!
magister.mjs:15
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers β€” review code before you run it.

Current versionv1.0.5
Download zip
latestvk978ve84y218rjj5y24agtk0dx83162n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

πŸ‡² Clawdis
Binsnode
EnvMAGISTER_HOST, MAGISTER_USER, MAGISTER_PASSWORD

SKILL.md

Commands

node magister.mjs students                       # list students (works for parent and child credentials)
node magister.mjs schedule <id> <from> <to>      # schedule, YYYY-MM-DD dates
node magister.mjs grades <aanmelding_id> [top]   # grades (default top=50)
node magister.mjs infractions <id> <from> <to>   # absences

Flow

Run students first to get each student's id and aanmelding_id. Use id for schedule and infractions, aanmelding_id for grades.

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…