← Back to Skills Marketplace
576
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install digiforma
Description
Query Digiforma training management platform via GraphQL API. Use when asked about trainees, sessions, invoices, programs, trainers, or any training data.
README (SKILL.md)
Digiforma GraphQL API
Digiforma is a French training management platform (centre de formation). Query it via GraphQL.
Authentication
All requests use Bearer token auth. The API key is stored in environment variable DIGIFORMA_API_KEY.
Endpoint
POST https://app.digiforma.com/api/v1/graphql
How to query
Use curl:
curl -s -X POST https://app.digiforma.com/api/v1/graphql \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $DIGIFORMA_API_KEY" \
-d '{"query": "YOUR_GRAPHQL_QUERY"}'
Common queries
List trainees (stagiaires)
{ trainees(perPage: 20, page: 1) { items { id firstName lastName email phone } pagination { totalItems totalPages } } }
Search trainee by name
{ trainees(perPage: 10, page: 1, search: "NOM") { items { id firstName lastName email phone } } }
List training sessions
{ trainingSessions(perPage: 20, page: 1) { items { id name status startDate endDate program { name } } pagination { totalItems totalPages } } }
List programs
{ programs(perPage: 20, page: 1) { items { id name duration } pagination { totalItems totalPages } } }
List invoices
{ invoices(perPage: 20, page: 1) { items { id number amount status dueDate company { name } } pagination { totalItems totalPages } } }
List trainers (formateurs)
{ trainers(perPage: 20, page: 1) { items { id firstName lastName email } pagination { totalItems totalPages } } }
Training session details
{ trainingSession(id: ID) { id name status startDate endDate program { name } trainees { firstName lastName email } trainer { firstName lastName } } }
Pagination
Always use perPage and page. Check pagination.totalPages to know if more pages exist.
Important notes
- All dates are ISO format
- Status values: draft, planned, ongoing, completed, cancelled
- Always paginate large results (perPage max ~50)
- For complex filters, combine search with status filters
Usage Guidance
This skill appears to do what it claims (send GraphQL queries to Digiforma) but its metadata fails to declare the API key that the instructions require. Before installing: 1) Verify the skill publisher/source — no homepage or known owner is provided. 2) Do not provide your DIGIFORMA_API_KEY unless you trust the source; request that the skill metadata be corrected to list DIGIFORMA_API_KEY as a required credential. 3) If you must use it, create a least-privilege API token on Digiforma (scoped and revocable) and rotate it after testing. 4) Be aware queries can return sensitive trainee data (PII); consider restricting the agent's ability to run the skill autonomously (require manual invocation) or enforce network/egress controls. 5) Prefer HTTPS (the endpoint is HTTPS) and confirm the endpoint URL with Digiforma docs. If the publisher cannot justify the missing credential declaration or is unknown, treat the skill cautiously or avoid installing it.
Capability Analysis
Type: OpenClaw Skill
Name: digiforma
Version: 1.0.0
The skill defines a `curl` command in `SKILL.md` that uses a placeholder `YOUR_GRAPHQL_QUERY`. While the command itself is necessary for the skill's stated purpose of querying a GraphQL API, this placeholder represents a potential shell injection vulnerability. If the OpenClaw agent does not properly sanitize or escape user-provided input before substituting it into `YOUR_GRAPHQL_QUERY`, a malicious user could inject arbitrary shell commands, leading to remote code execution. This is a significant risk, classifying the skill as suspicious due to the inherent vulnerability, even without clear evidence of intentional malicious design by the skill author.
Capability Assessment
Purpose & Capability
The skill's name and description match the instructions (query Digiforma GraphQL API). However, the SKILL.md explicitly requires a Bearer token via the environment variable DIGIFORMA_API_KEY while the registry metadata lists no required environment variables or primary credential — an incoherence between declared capabilities and what the skill actually needs.
Instruction Scope
The instructions stay within the stated purpose (building and POSTing GraphQL queries to https://app.digiforma.com/api/v1/graphql). They do not request system files or unrelated environment variables. The problem: the runtime instructions reference an environment variable (DIGIFORMA_API_KEY) that is not declared in the skill metadata, which could lead to accidental secret exposure if users are not warned.
Install Mechanism
Instruction-only skill with no install steps or code to write to disk. This is lower risk because nothing is downloaded or installed by the skill package itself.
Credentials
SKILL.md requires DIGIFORMA_API_KEY (a secret) but the skill's declared requirements list no environment variables or primary credential. The skill is therefore not transparently declaring the secret access it needs; this lack of declaration is disproportionate and a potential governance/privacy risk.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It is user-invocable and allows normal autonomous invocation (disable-model-invocation is false), which is the platform default and not itself a red flag here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install digiforma - After installation, invoke the skill by name or use
/digiforma - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Digiforma skill.
- Enables querying Digiforma's training management platform using the GraphQL API.
- Supports retrieval of trainees, sessions, invoices, programs, and trainers.
- Authentication via Bearer token using the DIGIFORMA_API_KEY environment variable.
- Includes example GraphQL queries for common use cases.
- Details pagination and important usage notes for efficient data access.
Metadata
Frequently Asked Questions
What is Digiforma?
Query Digiforma training management platform via GraphQL API. Use when asked about trainees, sessions, invoices, programs, trainers, or any training data. It is an AI Agent Skill for Claude Code / OpenClaw, with 576 downloads so far.
How do I install Digiforma?
Run "/install digiforma" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Digiforma free?
Yes, Digiforma is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Digiforma support?
Digiforma is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Digiforma?
It is built and maintained by mibbou (@mibbou); the current version is v1.0.0.
More Skills