← Back to Skills Marketplace
alex-shen1121

Halo Blog

by AlexShen · GitHub ↗ · v1.0.5 · MIT-0
cross-platform ⚠ suspicious
92
Downloads
0
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install halo-blog
Description
Use when managing a Halo blog instance via CLI, including authentication, posts, pages, themes, plugins, attachments, backups, comments, moments, notificatio...
README (SKILL.md)

Halo Blog CLI Skill

A command-line tool skill for managing Halo blog instances.

Installation

npm install -g @halo-dev/cli

Verify:

halo --version
halo --help

Requirements: Node.js >= 22

Quick Start

  1. Authenticate (see references/auth.md):

    halo auth login --profile local --url http://127.0.0.1:8090 --auth-type bearer --token \x3Ctoken>

  2. Create a post from Markdown (see content.md for full format rules):

    halo post import-markdown --file ./article.md --force

    Markdown files are automatically converted to HTML by default; if conversion fails, falls back to raw Markdown import.

  3. List posts:

    halo post list

Command Areas

Area Commands Reference
Authentication halo auth * auth.md
Publishing Rules Markdown → HTML workflow, front matter, visibility checks publishing.md
Posts & Pages halo post *, halo single-page * content.md
Themes, Plugins, Attachments, Backups, Moments halo theme *, halo plugin *, halo attachment *, halo backup *, halo moment * operations.md
Comments & Notifications halo comment *, halo notification * moderation.md
Public Search halo search * search.md

Shared Conventions

  • Profile selection: Use --profile \x3Cname> when working with multiple Halo instances.
  • JSON output: Use --json for scripted or automated workflows.
  • Non-interactive safety: Destructive commands (delete, uninstall, overwrite imports) usually require --force when run non-interactively.
  • Basic Auth requirement: If using basic auth instead of bearer token, ensure Halo is started with --halo.security.basic-auth.disabled=false.

Common Workflows

Switch between environments

halo auth profile list
halo auth profile use production

Export and import a post

halo post export-json my-post --output ./post.json
halo post import-json --file ./post.json --force

Publish via Markdown file

halo post import-markdown --file ./article.md --force

Upgrade all App Store themes/plugins

halo theme upgrade --all
halo plugin upgrade --all --yes

Search public content without login

halo search --keyword "halo" --url https://www.halo.run

Troubleshooting

  • Login fails with anonymous user: Basic auth is likely disabled on the Halo server. Add --halo.security.basic-auth.disabled=false to Halo startup flags.
  • Credential issues: Run halo auth profile doctor to diagnose keyring/config problems.
  • Profile not found: Ensure --profile matches an existing profile from halo auth profile list.
Usage Guidance
This skill appears to do what it says: it wraps and documents the Halo CLI and includes a helper script to publish Markdown. Before installing/using: (1) verify the source of the @halo-dev/cli npm package (check the npm registry/homepage) and ensure you trust the halo binary you install; (2) be aware npm/npx will download packages at install/run time; (3) avoid running destructive or non-interactive commands (plugin/theme install from arbitrary URLs, --yes/--force) unless you trust the target URL and know the effect; (4) protect your Halo credentials (they live in ~/.config/halo and the system keyring) and do not paste them into untrusted places; (5) the helper script prints a hardcoded example domain (blog.codingshen.top) in its output — that is just a placeholder and not contacted by the script. If you want higher assurance, review the @halo-dev/cli package and run commands in a sandboxed environment first.
Capability Analysis
Type: OpenClaw Skill Name: halo-blog Version: 1.0.5 The skill bundle contains a shell script `scripts/md-to-html-post.sh` that is highly vulnerable to command injection. It interpolates shell variables (extracted from Markdown front matter) directly into a Python command string executed via `python3 -c`, which could lead to arbitrary code execution if a processed file contains a malicious title or slug. Additionally, the script and documentation (`references/publishing.md`) contain hardcoded references to a specific personal domain (`blog.codingshen.top`) and profile names (`blog-danke`), suggesting the bundle is either a non-generic personal tool or contains leftover configurations that could lead to unintended data being sent to a specific external site.
Capability Tags
requires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description ask for a Halo CLI helper and the skill only requires the 'halo' binary and documents using the @halo-dev/cli npm package and related CLI commands. Files and examples (posts, themes, attachments, backups, comments, search) are coherent with Halo blog administration.
Instruction Scope
SKILL.md and reference docs instruct the agent/user to run halo CLI commands, convert Markdown to HTML (via npx marked or local tools) and run small helper scripts. This is within scope. Notes of caution: (1) publishing.md and references describe generating/uploading cover images and instruct confirming generated images in the current conversation — if an agent automates that step it could send generated images or content to whatever endpoint the agent uses; (2) operations/publishing allow installing/upgrading themes/plugins from arbitrary URLs and provide flags like --yes/--force to skip confirmations, which is expected but potentially dangerous if used non-interactively.
Install Mechanism
There is no automatic install spec (instruction-only). SKILL.md advises 'npm install -g @halo-dev/cli' and uses 'npx marked' for conversion — both will fetch packages from the npm registry at install/run time. This is proportional to the task (Markdown conversion and CLI install) but implies network downloads from npm which the user should vet.
Credentials
The skill requests no environment variables or credentials. References explain where Halo stores config (~/.config/halo/config.json) and the system keyring, which is expected for a CLI tool. No unexpected secrets or unrelated environment access is requested.
Persistence & Privilege
always is false, the skill is user-invocable and can be called autonomously (platform default). The skill doesn't request persistent system modifications beyond running the halo CLI (which will manage its own config). The included script uses temporary directories and cleans up after itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install halo-blog
  3. After installation, invoke the skill by name or use /halo-blog
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.5
Update: 封面图规范增加信息丰富度要求,需能概括文章核心内容而非简单装饰
v1.0.4
Fix: 明确说明 --categories 按 displayName 匹配而非 slug,避免重复分类创建
v1.0.3
Fix: AI 生成声明使用正确的 annotation keys (ai_generated + ai_generated_desc)
v1.0.2
Add: import-json 后会重置为 DRAFT,必须重新 publish 的警告
v1.0.1
Remove: AI生成标签强制要求;Add: AI生成声明作为必选元数据步骤
v1.0.0
Initial release of the Halo Blog CLI management skill. - Provides CLI commands for authentication, posting, managing pages, themes, plugins, attachments, backups, comments, and public search in Halo blog instances. - Offers step-by-step setup instructions and highlights key workflows (e.g., blog auth login, post import/export, Markdown publishing). - Documents shared conventions for multi-profile management, JSON output, and safety flags for destructive actions. - Includes troubleshooting guidance for authentication and profile issues.
Metadata
Slug halo-blog
Version 1.0.5
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 6
Frequently Asked Questions

What is Halo Blog?

Use when managing a Halo blog instance via CLI, including authentication, posts, pages, themes, plugins, attachments, backups, comments, moments, notificatio... It is an AI Agent Skill for Claude Code / OpenClaw, with 92 downloads so far.

How do I install Halo Blog?

Run "/install halo-blog" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Halo Blog free?

Yes, Halo Blog is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Halo Blog support?

Halo Blog is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Halo Blog?

It is built and maintained by AlexShen (@alex-shen1121); the current version is v1.0.5.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments