← Back to Skills Marketplace
Miro Management
by
Stanislav Stankovic
· GitHub ↗
· v1.1.0
· MIT-0
54
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install miro-management
Description
Manage Miro through the Miro REST API using OAuth 2.0, saved token files, or direct access tokens. Use when the user wants to connect a personal or local Mir...
Usage Guidance
This skill appears to be a legitimate Miro API helper, but take these precautions before installing or enabling it: 1) Review scripts/miro_api.py (especially the serve-oauth-callback handler) to confirm it binds only to localhost and doesn't send tokens to unexpected endpoints. 2) Know that the skill expects Miro credentials (client ID/secret, redirect URI, or access token) even though the registry metadata doesn't declare them — don't place secrets inside the skill folder; prefer environment variables or a local token file with restrictive filesystem permissions. 3) Ensure you have a Python 3 runtime available; the metadata doesn't declare this dependency. 4) Be cautious with the 'raw' and 'preview-write' commands: they can send arbitrary API requests. 5) If you want to limit risk, require explicit user invocation (do not allow autonomous invocation) or avoid granting long-lived tokens; prefer short-lived or scoped tokens and review token storage location (.miro/tokens.json) for proper permissions. If you want a higher-assurance decision, request the full, untruncated miro_api.py serve-oauth-callback implementation and confirm no network calls target hosts other than miro.com/api endpoints.
Capability Analysis
Type: OpenClaw Skill
Name: miro-management
Version: 1.1.0
The miro-management skill bundle is a legitimate tool for interacting with the Miro REST API. It includes a Python script (scripts/miro_api.py) that handles OAuth 2.0 flows, token management, and various board operations (listing, creating, and exporting items) using standard libraries. The instructions in SKILL.md emphasize security best practices, such as keeping secrets outside the skill folder and confirming write actions. The local OAuth callback server is a standard implementation for CLI-based authorization and is restricted to localhost by default.
Capability Tags
Capability Assessment
Purpose & Capability
The name, description, SKILL.md, reference docs, and the included scripts/miro_api.py consistently implement a Miro REST API client (OAuth flow, token refresh, board/item operations, exports, raw requests). The requested operations and code match the described purpose.
Instruction Scope
Runtime instructions focus on OAuth, token files, and direct tokens and explicitly warn not to bundle secrets. The skill exposes a raw request/preview-write capability which allows sending arbitrary API calls; the SKILL.md recommends confirming payloads before writes. The callback helper (serve-oauth-callback) and raw request functionality merit inspection in the script to ensure they only bind to localhost and do not leak data elsewhere.
Install Mechanism
No install spec (instruction-only) — lowers supply-chain risk. However, the package includes a Python script but the registry metadata lists no required binaries; the skill implicitly requires a Python 3 runtime to run scripts/miro_api.py. This omission is a transparency issue (the platform cannot warn users or provision the runtime automatically).
Credentials
The SKILL.md and script reference environment variables (MIRO_CLIENT_ID, MIRO_CLIENT_SECRET, MIRO_REDIRECT_URI, MIRO_ACCESS_TOKEN) and use local token files, but the registry metadata declares no required env vars or primary credential. The skill legitimately needs Miro credentials, but the metadata omission prevents automated gating and increases risk of accidental secret exposure.
Persistence & Privilege
always:false and normal model invocation settings are appropriate. The skill does not request elevated platform persistence or modify other skills. Note: because it can be invoked autonomously (the platform default), granting it access to live Miro tokens would allow it to perform API actions; restrict automatic invocation if you do not want background writes.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install miro-management - After installation, invoke the skill by name or use
/miro-management - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Add update commands for sticky notes/text/shapes/cards, reusable brainstorming/kanban/architecture helpers, and verify ClawHub distribution path.
v1.0.0
Initial public release: Miro REST API skill with OAuth/direct-token support, board/item operations, exports, connectors, webhook helpers, and safe preview-write mode.
Metadata
Frequently Asked Questions
What is Miro Management?
Manage Miro through the Miro REST API using OAuth 2.0, saved token files, or direct access tokens. Use when the user wants to connect a personal or local Mir... It is an AI Agent Skill for Claude Code / OpenClaw, with 54 downloads so far.
How do I install Miro Management?
Run "/install miro-management" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Miro Management free?
Yes, Miro Management is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Miro Management support?
Miro Management is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Miro Management?
It is built and maintained by Stanislav Stankovic (@stanestane); the current version is v1.1.0.
More Skills