← 返回 Skills 市场
mibbou

Digiforma

作者 mibbou · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
576
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install digiforma
功能描述
Query Digiforma training management platform via GraphQL API. Use when asked about trainees, sessions, invoices, programs, trainers, or any training data.
使用说明 (SKILL.md)

Digiforma GraphQL API

Digiforma is a French training management platform (centre de formation). Query it via GraphQL.

Authentication

All requests use Bearer token auth. The API key is stored in environment variable DIGIFORMA_API_KEY.

Endpoint

POST https://app.digiforma.com/api/v1/graphql

How to query

Use curl:

curl -s -X POST https://app.digiforma.com/api/v1/graphql \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DIGIFORMA_API_KEY" \
  -d '{"query": "YOUR_GRAPHQL_QUERY"}'

Common queries

List trainees (stagiaires)

{ trainees(perPage: 20, page: 1) { items { id firstName lastName email phone } pagination { totalItems totalPages } } }

Search trainee by name

{ trainees(perPage: 10, page: 1, search: "NOM") { items { id firstName lastName email phone } } }

List training sessions

{ trainingSessions(perPage: 20, page: 1) { items { id name status startDate endDate program { name } } pagination { totalItems totalPages } } }

List programs

{ programs(perPage: 20, page: 1) { items { id name duration } pagination { totalItems totalPages } } }

List invoices

{ invoices(perPage: 20, page: 1) { items { id number amount status dueDate company { name } } pagination { totalItems totalPages } } }

List trainers (formateurs)

{ trainers(perPage: 20, page: 1) { items { id firstName lastName email } pagination { totalItems totalPages } } }

Training session details

{ trainingSession(id: ID) { id name status startDate endDate program { name } trainees { firstName lastName email } trainer { firstName lastName } } }

Pagination

Always use perPage and page. Check pagination.totalPages to know if more pages exist.

Important notes

  • All dates are ISO format
  • Status values: draft, planned, ongoing, completed, cancelled
  • Always paginate large results (perPage max ~50)
  • For complex filters, combine search with status filters
安全使用建议
This skill appears to do what it claims (send GraphQL queries to Digiforma) but its metadata fails to declare the API key that the instructions require. Before installing: 1) Verify the skill publisher/source — no homepage or known owner is provided. 2) Do not provide your DIGIFORMA_API_KEY unless you trust the source; request that the skill metadata be corrected to list DIGIFORMA_API_KEY as a required credential. 3) If you must use it, create a least-privilege API token on Digiforma (scoped and revocable) and rotate it after testing. 4) Be aware queries can return sensitive trainee data (PII); consider restricting the agent's ability to run the skill autonomously (require manual invocation) or enforce network/egress controls. 5) Prefer HTTPS (the endpoint is HTTPS) and confirm the endpoint URL with Digiforma docs. If the publisher cannot justify the missing credential declaration or is unknown, treat the skill cautiously or avoid installing it.
功能分析
Type: OpenClaw Skill Name: digiforma Version: 1.0.0 The skill defines a `curl` command in `SKILL.md` that uses a placeholder `YOUR_GRAPHQL_QUERY`. While the command itself is necessary for the skill's stated purpose of querying a GraphQL API, this placeholder represents a potential shell injection vulnerability. If the OpenClaw agent does not properly sanitize or escape user-provided input before substituting it into `YOUR_GRAPHQL_QUERY`, a malicious user could inject arbitrary shell commands, leading to remote code execution. This is a significant risk, classifying the skill as suspicious due to the inherent vulnerability, even without clear evidence of intentional malicious design by the skill author.
能力评估
Purpose & Capability
The skill's name and description match the instructions (query Digiforma GraphQL API). However, the SKILL.md explicitly requires a Bearer token via the environment variable DIGIFORMA_API_KEY while the registry metadata lists no required environment variables or primary credential — an incoherence between declared capabilities and what the skill actually needs.
Instruction Scope
The instructions stay within the stated purpose (building and POSTing GraphQL queries to https://app.digiforma.com/api/v1/graphql). They do not request system files or unrelated environment variables. The problem: the runtime instructions reference an environment variable (DIGIFORMA_API_KEY) that is not declared in the skill metadata, which could lead to accidental secret exposure if users are not warned.
Install Mechanism
Instruction-only skill with no install steps or code to write to disk. This is lower risk because nothing is downloaded or installed by the skill package itself.
Credentials
SKILL.md requires DIGIFORMA_API_KEY (a secret) but the skill's declared requirements list no environment variables or primary credential. The skill is therefore not transparently declaring the secret access it needs; this lack of declaration is disproportionate and a potential governance/privacy risk.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It is user-invocable and allows normal autonomous invocation (disable-model-invocation is false), which is the platform default and not itself a red flag here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install digiforma
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /digiforma 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Digiforma skill. - Enables querying Digiforma's training management platform using the GraphQL API. - Supports retrieval of trainees, sessions, invoices, programs, and trainers. - Authentication via Bearer token using the DIGIFORMA_API_KEY environment variable. - Includes example GraphQL queries for common use cases. - Details pagination and important usage notes for efficient data access.
元数据
Slug digiforma
版本 1.0.0
许可证
累计安装 2
当前安装数 2
历史版本数 1
常见问题

Digiforma 是什么?

Query Digiforma training management platform via GraphQL API. Use when asked about trainees, sessions, invoices, programs, trainers, or any training data. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 576 次。

如何安装 Digiforma?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install digiforma」即可一键安装,无需额外配置。

Digiforma 是免费的吗?

是的,Digiforma 完全免费(开源免费),可自由下载、安装和使用。

Digiforma 支持哪些平台?

Digiforma 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Digiforma?

由 mibbou(@mibbou)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论