Description

Use the included Brickset CLI for LEGO set search/details, images, instructions, reviews, login/user hash, collection, wishlist, and notes with guarded accou...

README (SKILL.md)

Brickset AFOL skill

Name: AFOL Brickset
Author: musketyr

Use this skill when a user asks for Brickset-backed LEGO set details, extra images, building instructions, community reviews, or explicit Brickset account workflows such as collection, wishlist, ratings, quantities, and personal notes.

Primary interface: scripts/brickset.

The skill is self-contained for archive distribution and wraps the Brickset API directly using checked-in references inside this skill directory:

OpenAPI reference: references/openapi/brickset.yaml
Public prompt guidance: references/prompts/brickset-tools.txt
Private prompt guidance: references/prompts/brickset-private-tools.txt
CLI source: scripts/brickset_cli.py

Do not scrape Brickset vendor docs or invent parameters when these checked-in references answer the endpoint shape. If the reference is insufficient, say exactly what is missing.

Authentication

Required environment variable for all Brickset calls:

export BRICKSET_API_KEY=...

Optional environment variables:

export BRICKSET_USER_HASH=...      # preferred for private/account workflows
export BRICKSET_USERNAME=...       # only for `scripts/brickset login`
export BRICKSET_PASSWORD=...       # only for `scripts/brickset login`
export BRICKSET_BASE_URL=https://brickset.com/api/v3.asmx

Never print, commit, log, or paste real API keys, passwords, or user hashes. Prefer BRICKSET_USER_HASH over username/password once available.

Brickset auth placement matters:

Every verified API operation is POST.
The request body is application/x-www-form-urlencoded.
apiKey is a form field, not JSON and not an HTTP bearer token.
Public read calls still send userHash= as an empty form field unless a real BRICKSET_USER_HASH is intentionally used.
Complex filters and collection mutations go in a params form field whose value is a JSON string.

The CLI handles that shape, which is the main reason to use it instead of ad-hoc curl.

CLI quick reference

Run commands from this skill directory:

scripts/brickset --help
scripts/brickset sets --set-number 10270-1
scripts/brickset details --set-number 10270-1
scripts/brickset images --set-id 30142
scripts/brickset instructions --set-number 10270-1
scripts/brickset reviews --set-id 30142
scripts/brickset login
scripts/brickset collection
scripts/brickset wishlist
scripts/brickset notes

Private read commands (collection, wishlist, notes, or sets --owned/--wanted) require BRICKSET_USER_HASH.

Mutating commands are guarded. They do nothing unless passed --yes; use --dry-run first:

scripts/brickset collection-set --dry-run --set-id 30142 --own 1 --qty-owned 1
scripts/brickset collection-set --dry-run --set-id 30142 --want 1
scripts/brickset collection-set --dry-run --set-id 30142 --notes "placeholder note" --rating 5

Safety rules

Read-only by default:

sets
details
images
instructions
reviews
login (authentication only; treat the returned hash as secret)
collection
wishlist
notes

Mutating operations require explicit user confirmation in the current conversation before execution:

collection-set --own 1 or --own 0
collection-set --want 1 or --want 0
collection-set --qty-owned ...
collection-set --notes ...
collection-set --rating ...
collection-set --params-json ... whenever it changes account state

Stored credentials are not permission. Before any mutation, restate the exact Brickset account change, set identifier, quantity, wishlist/owned state, rating, and notes, then wait for explicit confirmation such as "yes, add it to Brickset" or "confirm rating update".

The CLI enforces this mechanically: mutating commands fail unless --yes is passed, and --dry-run prints the request shape with credentials redacted.

If the user asks to "add to my collection" without naming a provider and both Brickset/Rebrickable could apply, ask which provider to use before mutating anything.

Endpoint coverage

POST /getSets via sets, details, collection, and wishlist
POST /getAdditionalImages via images
POST /getInstructions2 via instructions
POST /getReviews via reviews
POST /login via login
POST /setCollection via collection-set --yes
POST /getUserNotes via notes

Treat collection, wishlist, rating, quantity, and personal-note data as private. Summarize only what the user needs.

Brickset setID rule

Brickset set numbers and internal set IDs are not interchangeable.

Use details or sets first when the user gives a public set number and you need a Brickset internal setID for images, reviews, or account writes:

scripts/brickset details --set-number 10270-1

Then use the returned setID:

scripts/brickset images --set-id "$SET_ID"
scripts/brickset reviews --set-id "$SET_ID"
scripts/brickset collection-set --dry-run --set-id "$SET_ID" --own 1

instructions is the exception in this checked-in OpenAPI reference: it uses the public set number directly:

scripts/brickset instructions --set-number 10270-1

Do not convert form calls to JSON requests. That is the classic foot-gun here.

Public read workflows

Search/details

scripts/brickset sets --set-number 10270-1
scripts/brickset sets --query "Galaxy Explorer"
scripts/brickset sets --params-json '{"theme":"Space","year":2022}'

Use details --set-number for the common exact-set lookup. Responses include Brickset metadata such as theme, subtheme, pieces, minifigs, release status, ratings, review counts, images, barcodes, dimensions, LEGO.com pricing, and the internal setID when available.

Images

Resolve setID with details, then:

scripts/brickset images --set-id "$SET_ID"

Use for extra photos, alternate angles, box backs, detail shots, or images beyond the main thumbnail.

Instructions

scripts/brickset instructions --set-number 10270-1

Return PDF links and explain instruction codes when helpful: BI numbers, version numbers, and booklet numbers.

Reviews and opinions

When the user asks for opinions, community feedback, ratings, whether a set is good, or whether it is worth buying, use Brickset reviews before pricing tools.

Resolve setID with details, then:

scripts/brickset reviews --set-id "$SET_ID"

Summarize real review text and star ratings. Do not invent sentiment if there are no reviews.

Private read workflows

Obtain a user hash

Only use login when private workflows require it and the user has explicitly provided or approved credential use through environment variables:

scripts/brickset login

The response contains hash. Store it as BRICKSET_USER_HASH in approved secret storage if persistence is requested. Never commit it or paste it in a PR/comment.

Collection and wishlist reads

scripts/brickset collection
scripts/brickset wishlist
scripts/brickset sets --owned 1
scripts/brickset sets --wanted 1

User notes

scripts/brickset notes

Use for personal set notes and note-backed collection context.

Mutating workflows

Do not run these with --yes until the user explicitly confirms the exact action.

Add to owned collection

After explicit intent and setID resolution:

scripts/brickset collection-set --yes --set-id "$SET_ID" --own 1 --qty-owned 1

Remove from owned collection

scripts/brickset collection-set --yes --set-id "$SET_ID" --own 0

Add to wishlist

scripts/brickset collection-set --yes --set-id "$SET_ID" --want 1

Remove from wishlist

scripts/brickset collection-set --yes --set-id "$SET_ID" --want 0

Update quantity, notes, or rating

scripts/brickset collection-set --yes --set-id "$SET_ID" --qty-owned 2 --notes "placeholder note" --rating 5

Keep notes under Brickset's documented limit from the verified spec guidance: 1000 characters. Rating is 1-5.

Live smoke checks

Local, no-network checks:

python3 -m py_compile scripts/brickset_cli.py
scripts/brickset collection-set --dry-run --set-id 30142 --own 1 --qty-owned 1

Read-only live smoke check, only when BRICKSET_API_KEY is configured:

scripts/brickset details --set-number 10270-1

If BRICKSET_USER_HASH is configured, private read smoke checks are allowed:

scripts/brickset notes

Summarize only response shape/counts/status. Do not paste private notes, collection contents, credentials, hashes, or user profile data into logs, PRs, task summaries, or chat.

Never use collection-set --yes as a smoke test unless the user explicitly asks for that real Brickset account mutation.

Response guidance

Mention Brickset as the source when returning review, instruction, image, or collection data.
For opinion questions, cite/summarize Brickset reviews first before switching to price/value analysis.
For images and instructions, return direct URLs when the API provides them.
For collection/wishlist writes, report exactly what service was changed: Brickset collection or Brickset wishlist.
If an API response has status: error, surface the message and stop rather than pretending the operation succeeded.

Usage Guidance

Before installing, confirm you are comfortable giving the skill a Brickset API key and, for private workflows, a user hash or login credentials. Keep the API base URL pointed at Brickset, use dry-run for collection or wishlist changes, and only approve --yes after the exact account change is restated correctly.

Capability Analysis

Type: OpenClaw Skill Name: afol-brickset Version: 1.0.0 The Brickset AFOL skill is a well-structured tool for interacting with the Brickset LEGO database. The core logic in `scripts/brickset_cli.py` uses only the Python standard library and includes explicit safety features such as mandatory `--yes` flags and `--dry-run` modes for mutating operations. The `SKILL.md` and prompt references provide clear instructions for the agent to seek user confirmation before making account changes and emphasize the protection of API credentials. No evidence of data exfiltration, malicious execution, or prompt injection was found.

Capability Tags

cryptocan-make-purchasesrequires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

The Brickset search, details, images, instructions, reviews, login, collection, wishlist, and notes capabilities fit the stated LEGO/Brickset purpose, including disclosed account-write workflows.

ℹ Instruction Scope

The main SKILL.md sets clear confirmation and dry-run expectations for account mutations, though users should ensure any collection or wishlist update is explicitly confirmed before using --yes.

ℹ Install Mechanism

There is no install spec and no remote installer. However, SKILL.md names scripts/brickset as the primary interface while the manifest only shows scripts/brickset_cli.py, so the executable wrapper/path should be verified.

ℹ Credentials

Credential use is proportionate for Brickset API/account workflows, but registry metadata lists no required env vars even though SKILL.md requires BRICKSET_API_KEY and supports user hash or username/password.

ℹ Persistence & Privilege

No local background persistence is shown, but confirmed mutations persist in the user's Brickset account as collection, wishlist, rating, quantity, or note changes.

Version History

v1.0.0

Release main

Metadata

Slug afol-brickset

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is AFOL Brickset?

Use the included Brickset CLI for LEGO set search/details, images, instructions, reviews, login/user hash, collection, wishlist, and notes with guarded accou... It is an AI Agent Skill for Claude Code / OpenClaw, with 11 downloads so far.

How do I install AFOL Brickset?

Run "/install afol-brickset" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AFOL Brickset free?

Yes, AFOL Brickset is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does AFOL Brickset support?

AFOL Brickset is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created AFOL Brickset?

It is built and maintained by Vladimir Orany (@musketyr); the current version is v1.0.0.

More Skills

AFOL Brickset