ClawHub

SIGAA

v1.1.0

Interact with SIGAA (Sistema Integrado de Gestão de Atividades Acadêmicas), the academic management system used by 50+ Brazilian federal universities (UNB, U...

0· 279·0 current·0 all-time
byDaniel Guilherme Marques da Silva@olegantonov
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested binaries (curl, python3, grep) and the three environment variables (SIGAA_URL, SIGAA_USER, SIGAA_PASSWORD). The included scripts implement login and portal scraping as described.
Instruction Scope
SKILL.md and scripts restrict actions to SIGAA and the CAS SSO host discovered during login. Scripts only read declared env vars, create a local cookie file, perform HTTP GET/POST against SIGAA endpoints, parse HTML, and unset the password after login. No instructions to read unrelated files or exfiltrate data to third-party endpoints.
Install Mechanism
No install spec (instruction-only with bundled scripts) — nothing is downloaded from external URLs or written to system paths beyond a temporary cookie file. This is the lowest-risk install pattern.
Credentials
Only the SIGAA URL and the account credentials are requested, which is proportionate to the stated purpose. The scripts unset SIGAA_PASSWORD after login and limit network targets to SIGAA and derived CAS host.
Persistence & Privilege
The skill does not request persistent/system-wide presence, always is false, and it does not modify other skills or global agent configuration.
Assessment
This skill appears coherent for automating SIGAA portal tasks, but giving any third-party skill your institutional credentials carries risk. Before installing or running it: (1) verify the source/repository URL (SKILL.md references a GitHub repo; confirm it matches an author you trust), (2) review the included scripts locally (they are small and readable) and run them on a machine you control, (3) prefer using a dedicated account or rotating password for automation if your institution allows it, (4) confirm SIGAA_URL before running so credentials are only submitted to the correct domain, and (5) be aware the scripts create a temporary cookie file under /tmp (mktemp) — the script sets chmod 600 and attempts to remove it on shell exit when sourced. If you have low tolerance for credential exposure, do not provide your real password to the skill and instead test with a secondary account.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dw47n533wf545gbqtn2vysx825zr9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl, python3, grep
EnvSIGAA_URL, SIGAA_USER, SIGAA_PASSWORD

Comments