openclaw-school

v1.0.1

Connect OpenClaw to the claw-school training flow with an enrollment code, use default training URLs unless overridden, ensure clawhub is available, install...

⭐ 0· 79·0 current·0 all-time

by@darrenluo

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for darrenluo/openclaw-school-enrollment.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "openclaw-school" (darrenluo/openclaw-school-enrollment) from ClawHub.
Skill page: https://clawhub.ai/darrenluo/openclaw-school-enrollment
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-school-enrollment

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-school-enrollment

Security Scan

Capability signals

Crypto

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Pending

View report →

OpenClaw

Suspicious

medium confidence

✓

Purpose & Capability

The name/description (enrollment into claw-school, use enrollment token, ensure clawhub, install mapped ClawHub skills, and report progress) match the SKILL.md and the included scripts. The code implements start/phase flows, posts events to the training server, ensures 'clawhub' is available, runs 'npm install -g clawhub', and issues 'clawhub install' for server-provided slugs — all consistent with the stated purpose.

ℹ

Instruction Scope

Instructions are narrowly scoped to enrollment and sequential training phases and explicit about hiding runId/reportToken from the user. They direct the agent to run the bundled Node script and to call the server endpoints. They also require installing and running external tooling (npm global install of clawhub and clawhub install of skill slugs). The instructions do not ask the agent to read unrelated local files, but they do run commands that modify the host environment and transmit progress to an external server.

Install Mechanism

There is no platform install spec, but the runtime script performs global 'npm install -g clawhub' and executes 'clawhub install --force' for server-provided slugs. The default registry/URLs are non-standard domains (https://openclaw-school.space and https://cn.clawhub-mirror.com), not recognized official hosts. Installing global npm packages and then having a registry-driven installer pull arbitrary skill packages at runtime increases the risk surface.

✓

Credentials

The skill does not request unrelated environment variables or credentials in metadata. It requires an enrollment token (passed as a runtime argument) which is proportional to the enrollment purpose. No other secret/env is declared. However, the skill will accept and use a 'reportToken' issued by the server for reporting, which effectively grants the server the ability to accept event reports from the host.

ℹ

Persistence & Privilege

The skill is not always-on, and autonomous invocation is the platform default. The notable privilege is that the runtime will install global packages and write to the host (npm global install and installed skills), which is an elevated side-effect compared with read-only skills. It does not appear to modify other skills' configs beyond installing new skill packages via clawhub.

What to consider before installing

This skill does what it says (enroll, run phases, and install ClawHub skills), but it performs runtime global installs and talks to non-standard external domains. Before installing or running it: (1) verify/trust the enrollment server domain (https://openclaw-school.space) and the clawhub registry mirror — treat them as untrusted until confirmed; (2) prefer running with --dry-run first to see the planned commands and slugs; (3) require the skill to reveal the actual skill slugs/URLs returned by the server before performing installs so you can review them; (4) run in an isolated/sandboxed environment (container or VM) if you must install; (5) avoid providing sensitive credentials to this skill; and (6) consider asking the publisher for canonical homepage/source and why the default registry is a custom mirror. These precautions would reduce the risk of arbitrary code being installed or of unwanted data transmission.

✗

scripts/enroll-and-train.mjs:127

Shell command execution detected (child_process).

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9783t4heq1jr40p5gtakxgjmh84nex5

79downloads

0stars

2versions

Updated 2w ago

v1.0.1

MIT-0

OpenClaw School Enrollment

Overview

Use this skill to complete a real claw-school enrollment from OpenClaw.

This skill requires:

an enrollment token

This skill can optionally accept:

a custom base URL
a custom clawhub registry URL

If you do not provide overrides, the skill will automatically use:

base URL: https://openclaw-school.space
clawhub registry URL: https://cn.clawhub-mirror.com

The bundled script supports stepwise orchestration so you can keep the user informed after every completed phase while still reporting the real training progress to the web app.

Workflow

Gather:
- --enrollment-token
- optional --base-url
- optional --clawhub-registry-url
- optional --skill-version
If the enrollment token is missing, ask only for that value.
Start the run with structured output:

node "{baseDir}/scripts/enroll-and-train.mjs" start --json --enrollment-token "<token>" [--base-url "<url>"] [--clawhub-registry-url "<url>"]

After start succeeds:
- keep orderId, runId, reportToken, directionName, baseUrl only for internal chaining
- do not proactively expose those raw fields to the user
- send exactly one short Chinese progress sentence to the user:
  - 已完成入学报到，正在开始入学测试。
Run the following phases in order, always with --json, always reusing the returned runId and reportToken:

node "{baseDir}/scripts/enroll-and-train.mjs" phase --json --phase baseline_testing --run-id "<runId>" --report-token "<reportToken>" [--base-url "<url>"] [--clawhub-registry-url "<url>"]
node "{baseDir}/scripts/enroll-and-train.mjs" phase --json --phase course_resolving --run-id "<runId>" --report-token "<reportToken>" [--base-url "<url>"] [--clawhub-registry-url "<url>"]
node "{baseDir}/scripts/enroll-and-train.mjs" phase --json --phase package_fetching --run-id "<runId>" --report-token "<reportToken>" [--base-url "<url>"] [--clawhub-registry-url "<url>"]
node "{baseDir}/scripts/enroll-and-train.mjs" phase --json --phase supplies_procuring --run-id "<runId>" --report-token "<reportToken>" [--base-url "<url>"] [--clawhub-registry-url "<url>"]
node "{baseDir}/scripts/enroll-and-train.mjs" phase --json --phase package_installing --run-id "<runId>" --report-token "<reportToken>" [--base-url "<url>"] [--clawhub-registry-url "<url>"]
node "{baseDir}/scripts/enroll-and-train.mjs" phase --json --phase capability_activating --run-id "<runId>" --report-token "<reportToken>" [--base-url "<url>"] [--clawhub-registry-url "<url>"]
node "{baseDir}/scripts/enroll-and-train.mjs" phase --json --phase graduation_testing --run-id "<runId>" --report-token "<reportToken>" [--base-url "<url>"] [--clawhub-registry-url "<url>"]
node "{baseDir}/scripts/enroll-and-train.mjs" phase --json --phase graduation_ready --run-id "<runId>" --report-token "<reportToken>" [--base-url "<url>"] [--clawhub-registry-url "<url>"]

Never skip, reorder, or combine phases.
If a phase is rejected because the order is wrong, immediately run the missing required phase, then retry the blocked phase, and only then continue forward.

After each successful phase:
- read userFacingMessage from the JSON output
- send that one sentence to the user in concise Chinese
- do not add raw skillSlugs, orderId, runId, clawhub command lines, or registry details unless the user explicitly asks
Testing phases must always produce a start event and a completion event:
- baseline_testing: before running the phase, tell the user 已开始入学测试。; then wait 10 seconds only when no baseline score exists yet; after the command returns, send its completion message and explicitly mention reuse when applicable
- graduation_testing: before running the phase, tell the user 已开始毕业测试。; then always wait 10 seconds; after the command returns, send its completion message with the new score
After the final phase:
- tell the user that training progress has been reported to the web app
- remind the user to open a new OpenClaw session before using the newly acquired abilities
- keep the close-out short and product-facing

Output Rules

Prefer product language such as 课程, 训练资源, 学习物资, 能力装配, 职业能力.
Avoid implementation language such as skill slug, clawhub command, runId, orderId, registry URL unless needed for debugging.
If the user asks for technical details, you may reveal the structured fields returned by the script.
Do not use the run-all mode for normal user-facing conversations. It is only for manual verification or debugging.

Troubleshooting

If the enrollment token is expired or already used, stop and surface the server error directly.
If the course API returns an empty or invalid install plan, stop and surface the server error directly.
If npm install -g clawhub fails, surface the failure directly and do not continue silently.
If a clawhub install --force command fails, surface the failing slug and do not continue silently.
Do not invent install plans or skill slugs. The server is the source of truth.

Comments

Loading comments...