Habilidades moodle-external-api-development

📦

moodle-external-api-development

Name: moodle-external-api-development
Author: sickn33

Baixo Risco ⚡ Contém scripts⚙️ Comandos externos🌐 Acesso à rede

Build Moodle External Web Services

Create secure custom web service APIs for Moodle LMS with proper parameter validation, capability checks, and service registration patterns.

Suporta: Claude Codex Code(CC)

🥉 72 Bronze

Baixar o ZIP da skill

Upload no Claude

Vá em Configurações → Capacidades → Skills → Upload skill

Ative e comece a usar

Testar

A utilizar "moodle-external-api-development". Create an external API to get user course progress

Resultado esperado:

PHP class extending external_api with execute_parameters(), execute(), and execute_returns() methods
Parameter definitions using external_value(PARAM_INT) and external_single_structure
Context validation using validate_context() and capability checks
Database query using parameterized queries for SQL injection prevention

A utilizar "moodle-external-api-development". Register the web service for mobile access

Resultado esperado:

services.php file with function definition including classname, methodname, and capabilities
Service definition with restrictedusers and enabled flags
Use MOODLE_OFFICIAL_MOBILE_SERVICE for mobile app integration

Auditoria de Segurança

Baixo Risco

v1 • 2/25/2026

This is a documentation/educational skill for Moodle external API development. Static analyzer flagged 127 potential issues, but evaluation confirms all are false positives. The detected patterns are: (1) Markdown backticks for code formatting flagged as shell commands, (2) Documentation URLs to moodledev.io, (3) Benign keywords in YAML frontmatter triggering false positives. No actual security risks present.

Arquivos analisados

600

Linhas analisadas

achados

Total de auditorias

Problemas de Baixo Risco (2)

SKILL.md:24-579

Markdown Backticks Flagged as Shell Commands

Static analyzer detected backticks as 'Ruby/shell backtick execution'. These are markdown code formatting (e.g., `execute_parameters()`), not actual shell commands. No command execution risk.

SKILL.md:404-586

Documentation URLs Detected

Hardcoded URLs found are legitimate links to Moodle developer documentation (moodledev.io) and example API endpoint placeholders. No data exfiltration risk.

Fatores de risco

⚡ Contém scripts (1)

SKILL.md:421

⚙️ Comandos externos (79)

SKILL.md:24 SKILL.md:25 SKILL.md:26 SKILL.md:32 SKILL.md:34-51 SKILL.md:51-54 SKILL.md:54-55 SKILL.md:55 SKILL.md:55-56 SKILL.md:56-61 SKILL.md:61-72 SKILL.md:72-75 SKILL.md:75-76 SKILL.md:76-77 SKILL.md:77-78 SKILL.md:78-79 SKILL.md:79-80 SKILL.md:80-83 SKILL.md:83-84 SKILL.md:84-85 SKILL.md:85-88 SKILL.md:88-89 SKILL.md:89-90 SKILL.md:90-94 SKILL.md:94-143 SKILL.md:143-146 SKILL.md:146-147 SKILL.md:147-148 SKILL.md:148-154 SKILL.md:154-167 SKILL.md:167-170 SKILL.md:170-177 SKILL.md:177-179 SKILL.md:179-205 SKILL.md:205-208 SKILL.md:208-209 SKILL.md:209-210 SKILL.md:210-211 SKILL.md:211-212 SKILL.md:212-213 SKILL.md:213-217 SKILL.md:217-261 SKILL.md:261-274 SKILL.md:274-291 SKILL.md:291-295 SKILL.md:295-319 SKILL.md:319-323 SKILL.md:323-361 SKILL.md:361-365 SKILL.md:365-389 SKILL.md:389-402 SKILL.md:402-416 SKILL.md:416-420 SKILL.md:420-436 SKILL.md:436-454 SKILL.md:454-456 SKILL.md:456 SKILL.md:456-460 SKILL.md:460-474 SKILL.md:474-475 SKILL.md:475-482 SKILL.md:482-497 SKILL.md:497-503 SKILL.md:503-550 SKILL.md:550-554 SKILL.md:554-567 SKILL.md:567-568 SKILL.md:568-569 SKILL.md:569-570 SKILL.md:570-571 SKILL.md:571-572 SKILL.md:572-573 SKILL.md:573-574 SKILL.md:574-575 SKILL.md:575-576 SKILL.md:576-577 SKILL.md:577-578 SKILL.md:578-579 SKILL.md:579-590

🌐 Acesso à rede (6)

SKILL.md:404 SKILL.md:410 SKILL.md:583 SKILL.md:584 SKILL.md:585 SKILL.md:586

Auditado por: claude

Pontuação de qualidade

Arquitetura

100

Manutenibilidade

Conteúdo

Comunidade

Segurança

Conformidade com especificações

O Que Você Pode Construir

Moodle Plugin Developer

Build custom external APIs for your Moodle plugin to expose functionality to mobile apps or external systems

LMS Integration Specialist

Create web service endpoints to integrate Moodle with student information systems or CRM platforms

Mobile App Backend Developer

Develop Moodle-backed REST APIs for custom mobile applications accessing course data

Tente Estes Prompts

Basic API Structure

Show me how to create a basic external API class in Moodle with the three-method pattern

Parameter Definition

How do I define input parameters with validation for a Moodle external API? Include examples for integer, text, and boolean parameters

Business Logic Implementation

Write example business logic for a Moodle external API that retrieves course progress, including context validation and capability checks

Service Registration

How do I register a Moodle external web service? Show the services.php file structure with capabilities and AJAX access

Melhores Práticas

Always validate parameters using validate_parameters() before processing
Use context validation and capability checks to enforce permissions
Use parameterized queries ($DB->get_records_sql) to prevent SQL injection
Document all parameter types and return structures clearly

Evitar

Skipping parameter validation - always use validate_parameters()
Using raw SQL without parameterized queries - use $DB methods with bound parameters
Omitting capability checks - always verify user permissions
Returning inconsistent data structures - match execute_returns() definition exactly

Perguntas Frequentes

What is the three-method pattern for Moodle external APIs?

Moodle external APIs require three methods: execute_parameters() defines input structure, execute() contains business logic, and execute_returns() defines the output structure.

How do I secure my Moodle external API?

Use context validation (validate_context), capability checks (require_capability), and proper parameter validation (validate_parameters) to secure your API.

Can I use my external API with the Moodle mobile app?

Yes, include MOODLE_OFFICIAL_MOBILE_SERVICE in your service registration to enable mobile access.

What parameter types does Moodle support?

Moodle supports PARAM_INT, PARAM_TEXT, PARAM_RAW, PARAM_BOOL, PARAM_FLOAT, PARAM_ALPHANUMEXT, and more for external API parameters.

How do I prevent SQL injection in external APIs?

Use Moodle's database API ($DB) with parameterized queries using named placeholders like :userid instead of string concatenation.

What is the difference between read and write service types?

Read type is for SELECT operations that only retrieve data. Write type is for INSERT, UPDATE, or DELETE operations that modify data.

Detalhes do Desenvolvedor

Autor

sickn33

Licença

MIT

Repositório

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/moodle-external-api-development

Referência

main

Estrutura de arquivos

📄 SKILL.md