ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ofek Galim

v0.1.4

Check, monitor, and summarize student homework/tasks from Webtop (SmartSchool), Galim Pro, and Ofek. Use when the user asks to inspect homework, pending task...

1· 123·0 current·0 all-time
by@shaike1

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for shaike1/ofek-galim.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Ofek Galim" (shaike1/ofek-galim) from ClawHub.
Skill page: https://clawhub.ai/shaike1/ofek-galim
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ofek-galim

ClawHub CLI

Package manager switcher

npx clawhub@latest install ofek-galim
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements scraping for Ofek, Galim and a Webtop fetcher and a Google Calendar sync — which aligns with the description. However the registry metadata declares no required env vars/configs, while the scripts clearly expect local credential env files (webtop-galim.env or galim.env) and a Google service-account JSON. Also SKILL.md and README mention helper scripts (auto_update_flow.py, galim_probe.py) and WhatsApp automation, but those files or WhatsApp-sending code are not present in the packaged file list — mismatch between claimed files/capabilities and what's actually included.
!
Instruction Scope
Runtime instructions and scripts instruct the agent to load local env files containing students' usernames/passwords and to run Playwright scrapers that log in to Ministry of Education SSO using those credentials. They also instruct using a Google service account JSON to create calendar events. These actions involve sensitive credentials (students' IDs/passwords and a Google service account) — appropriate for the feature but not declared in the skill metadata. The Webtop fetcher references an external script path (/root/.openclaw/skills/pywebtop-skill/webtop_homework_fetcher.py) which is outside the skill; that introduces a hidden dependency and potential surprise behavior.
Install Mechanism
This is an instruction-only skill (no install spec). The package includes Python scripts but provides no automated dependency install (e.g., Playwright or google-auth). No downloads from external URLs are executed by the provided install.sh (it only creates an env template). That reduces supply-chain risk, but the scripts require environment setup that the package does not perform.
!
Credentials
The skill requires highly sensitive secrets: student usernames/passwords (OFEK/GALIM) and optionally a Google service account file (GOOGLE_SA_FILE) for calendar sync. Those are reasonable for the described functionality, but the registry metadata lists no required env vars or config paths — a clear mismatch. Also SKILL.md mentions WhatsApp group configuration (OFEK_GALIM_WHATSAPP_GROUP) but no sending implementation is present in the code, creating ambiguity about what secrets/config are actually needed.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configs. It runs as invoked and prints or posts calendar events; calendar access requires a service account key (high privilege) but that is coherent with the calendar sync feature. No code in the package attempts to permanently enable itself or alter system-wide settings.
What to consider before installing
This skill appears to do what it claims (scrape Ofek/Galim and optionally sync Galim tasks to Google Calendar), but there are several red flags you should check before installing or running it: - Secrets and envs: the scripts expect per-child usernames/passwords stored in a local env file and (for calendar sync) a Google service-account JSON. The skill registry metadata did not declare these required credentials — ensure you understand where credentials are read from and don't point a shared/production secret at it unintentionally. - Missing / referenced files: webtop_fetch_summary.py calls /root/.openclaw/skills/pywebtop-skill/webtop_homework_fetcher.py (an external dependency). SKILL.md also mentions helper scripts (auto_update_flow.py, galim_probe.py, WhatsApp flow) that are referenced in docs but are not included in the package. Confirm those dependencies exist and inspect them before running. - WhatsApp automation: the README mentions sending WhatsApp updates and a WhatsApp group env variable, but I couldn't find code that performs WhatsApp posting. If you expect automatic messaging, verify where that implementation lives and review it. - Permissions: calendar sync uses a Google service account file — if you provide one, it can create events on the configured calendar. Limit that service account's privileges to only the calendar you intend to use. - Local testing: run the scripts in a safe environment first using dry-run options (sync_galim_calendar.py has --dry-run) and inspect outputs. Do not put real child credentials into an environment until you confirm the code and dependencies (Playwright, browsers, google-auth) are installed and you understand where secrets are stored. If you want, I can list the exact lines that reference env paths, the Google SA file, and the external webtop script, or check for the presence of the missing referenced files in the package you provided.

Like a lobster shell, security has layers — review code before you run it.

calendarvk978rjb0p57f7wckq8z33wk4td83twhwclaude-codevk978rjb0p57f7wckq8z33wk4td83twhweducationvk978rjb0p57f7wckq8z33wk4td83twhwhomeworkvk978rjb0p57f7wckq8z33wk4td83twhwlatestvk978rjb0p57f7wckq8z33wk4td83twhwparentsvk978rjb0p57f7wckq8z33wk4td83twhwwhatsappvk978rjb0p57f7wckq8z33wk4td83twhw
123downloads
1stars
5versions
Updated 4w ago
v0.1.4
MIT-0
@shaike1
calendarclaude-codeeducationhomeworklatestparentswhatsapp
Download

Webtop / Galim / Ofek

Use this skill to work with Webtop / SmartSchool, Galim Pro, and Ofek student task portals.

Status

Both portals are working ✅

  • Ofek (students.myofek.cet.ac.il) — working via Ministry of Education SSO
  • Galim Pro (lms.galim.org.il) — working via Ministry of Education SSO

Quick start

# Webtop only
python3 /root/.openclaw/workspace/skills/webtop-galim/scripts/webtop_fetch_summary.py

# Galim only
python3 /root/.openclaw/workspace/skills/webtop-galim/scripts/galim_fetch_tasks.py

# Ofek only
python3 /root/.openclaw/workspace/skills/webtop-galim/scripts/fetch_tasks.py

# Unified report (Webtop + Galim + Ofek)
python3 /root/.openclaw/workspace/skills/webtop-galim/scripts/unified_report.py

# Expanded report for WhatsApp / review
python3 /root/.openclaw/workspace/skills/webtop-galim/scripts/expanded_report.py --days 30 --limit 5

# Sync Galim due dates to calendar
python3 /root/.openclaw/workspace/skills/webtop-galim/scripts/sync_galim_calendar.py --days 30

# JSON output
python3 /root/.openclaw/workspace/skills/webtop-galim/scripts/fetch_tasks.py --json
python3 /root/.openclaw/workspace/skills/webtop-galim/scripts/galim_fetch_tasks.py --json

Credentials

Stored in /root/.openclaw/workspace/.env/galim.env:

GALIM_USERNAME_CHILD1=...   GALIM_PASSWORD_CHILD1=...
GALIM_USERNAME_CHILD2=...   GALIM_PASSWORD_CHILD2=...
OFEK_USERNAME_CHILD1=...    OFEK_PASSWORD_CHILD1=...
OFEK_USERNAME_CHILD2=...    OFEK_PASSWORD_CHILD2=...

Credentials are Ministry of Education student IDs and passwords. Same credentials work for both portals.

Important: Ofek URL

The correct URL for Ofek is students.myofek.cet.ac.il (not myofek.cet.ac.il). myofek.cet.ac.il blocks datacenter IPs (503). students.myofek.cet.ac.il does not.

Login flow

Ofek:

  1. https://students.myofek.cet.ac.il/he
  2. Click "התחברות משרד החינוך"
  3. Redirects to lgn.edu.gov.il SSO (EduCombinedAuthUidPwd)
  4. Fill #userName + #password, click "כניסה"
  5. Redirects back to students.myofek.cet.ac.il/he with full session

Galim Pro:

  1. https://userdata.galim.org.il/login_idm?request_uri=https%3A%2F%2Fpro.galim.org.il%2F%3Flang%3Dhe
  2. Fill #userName + #password, click "כניסה"
  3. Navigate to https://lms.galim.org.il/personal?lang=he

Task counters extracted

Ofek (from page body text):

  • לביצוע (N) → open_count
  • הוחזר לתיקון (N) → fix_count
  • מחכה לבדיקת מורה (N) → waiting_count
  • בוצע ונבדק (N) → checked_count
  • Visible activity extraction when present:
    • title
    • subject
    • teacher
    • due date
    • sections such as urgent / overdue activities

Galim (parsed from table text):

  • Per task: assigned_at, title, task_type, subject, due_at, overdue

Suggested output format

📚 משימות תלמידים

👤 Child 1
גלים: 13 משימות | אופק: לביצוע 9, לתיקון 1

👤 Child 2
גלים: 1 משימה ⚠️ | אופק: לביצוע 27

Automation

Configured daily flow:

  • 06:15scripts/sync_galim_calendar.py --days 30
    • creates family-calendar events for Galim tasks with clear due dates
    • reminders: 1 day before + 3 hours before
  • 06:20scripts/expanded_report.py --days 30 --limit 5
    • sends a WhatsApp update to the family updates group
    • covers Ofek + Galim + Webtop

Notes:

  • Calendar target is configurable via OFEK_GALIM_CALENDAR_ID
  • WhatsApp target group is configurable via OFEK_GALIM_WHATSAPP_GROUP
  • Child credentials should be provided via env vars / OFEK_KIDS_JSON, not stored in the skill
  • Ofek currently provides counters plus visible activity details parsed from page text (for example overdue / urgent visible items); Galim still provides the richer structured task list with due dates.

Files

  • scripts/webtop_fetch_summary.py — Webtop / SmartSchool fetcher
  • scripts/galim_fetch_tasks.py — Galim Pro fetcher (Playwright, LMS)
  • scripts/fetch_tasks.py — Ofek fetcher (Playwright, students portal)
  • scripts/unified_report.py — runs Webtop + Galim + Ofek and prints a combined Hebrew report
  • scripts/expanded_report.py — richer report with task titles and due dates
  • scripts/sync_galim_calendar.py — syncs Galim tasks with due dates into the family Google Calendar
  • scripts/auto_update_flow.py — helper for stateful daily automation flow
  • scripts/install.sh — creates a local env template and prints setup/test steps
  • scripts/galim_probe.py — legacy Selenium probe (kept for reference)
  • scripts/webtop_fetch_summary.py — Webtop/SmartSchool fetcher
  • references/ofek-bot-notes.md — notes from reference repo and migration history
  • references/ofek-investigation-summary.md — detailed Ofek debugging notes and findings
  • references/env-example.md — credentials file format

Comments

Loading comments...