← Back to Skills Marketplace
gyuryongkim

Gusnais Skill

by GYURYONGKIM · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
215
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install gusnais-skill
Description
Gusnais (Ruby-China/Homeland compatible) API integration with web-parity behavior and permission-consistent UX. Use when users want to connect using only CLI...
README (SKILL.md)

Gusnais Skill

Implement Gusnais API integration that mirrors web behavior and permission boundaries.

Require only two user inputs

  • CLIENT_ID
  • CLIENT_SECRET

Do not ask for base URL, OAuth paths, account IDs, scope defaults, pagination defaults, or serializer mappings unless discovery fails.

Auto-complete platform config

Use these defaults:

  • Site: https://gusnais.com
  • OAuth Authorize: /oauth/authorize
  • OAuth Token: /oauth/token
  • OAuth Revoke: /oauth/revoke
  • API Base: /api/v3

Auth flow

  1. Build authorization URL automatically.
  2. Exchange authorization code for access_token and refresh_token.
  3. Validate token with GET /api/v3/users/me.
  4. Refresh once on 401; if refresh fails, request re-auth.

Prefer Authorization header for requests:

  • Authorization: Bearer \x3Caccess_token>

Keep access_token query fallback for compatibility with Homeland API behavior.

Web parity contract

Match gusnais.com UX and permission behavior:

  1. Read abilities first when available
    • Resource-level actions must follow returned abilities.
  2. Dual check
    • UI check (visible/enabled) using abilities.
    • Execution check with real API call and status code handling.
  3. No privilege escalation
    • Never assume admin/mod privileges in client logic.
  4. Respect hidden/inaccessible resources
    • 404/403 semantics should stay consistent with server behavior.

Capability gating model

For each action produce:

  • visible: true|false
  • enabled: true|false
  • reason: ok|no_permission|auth_required|resource_unavailable|validation_error
  • source: abilities|server_status|policy

Endpoint behavior alignment

Use endpoint mapping in references/endpoints.md and serializer notes for normalized outputs.

Keep defaults aligned with docs:

  • offset default: 0
  • limit default: 20
  • limit range on list endpoints: 1..150 (or endpoint-specific documented max)
  • topic list default type=last_actived

For plugin domain operations (press/note/site/jobs):

  • Read plugin web-route parity and API contract in references/endpoints.md.
  • Read permission nuances in references/permission-parity.md.
  • Treat 404 on plugin API endpoints as resource_unavailable unless deployment has enabled those API routes.

Topic action safety

For POST /api/v3/topics/:id/action?type=:type (ban|excellent|unexcellent|close|open):

  • Gate by abilities if present.
  • Enforce final server response.
  • Never expose action as enabled when denied.

Error mapping

Normalize API errors without changing meaning:

  • 400 -> validation_error
  • 401 -> auth_required (refresh then retry once)
  • 403 -> no_permission
  • 404 -> resource_unavailable
  • 500 -> server_error

Return original server error text when available.

Rate limiting / retries

  • Respect Retry-After on 429.
  • Use exponential backoff with jitter for transient 5xx.
  • Avoid one-item tight loops for batch writes.

Read these references before implementation

  • references/endpoints.md
  • references/permission-parity.md

Bootstrap script

Use scripts/gusnais_bootstrap.py to initialize runtime config from CLIENT_ID and CLIENT_SECRET.

Recommended:

  • set TOKEN_STORE_PATH when exchanging code, so refreshable tokens are persisted to JSON for long-lived automation.

Plugin API client script

Use scripts/gusnais_plugin_client.py for plugin API read/write calls with:

  • auto refresh before expiry and on 401;
  • one retry after refresh;
  • normalized status reason mapping;
  • capability hint extraction from abilities;
  • action-level payload guardrails to avoid avoidable 400/500 (e.g. press create summary fallback).

Current deployment notes (2026-03-19):

  • Press API is mounted for read/write (/api/v3/press/posts*).
  • Note API is mounted for read/write (/api/v3/note/notes*).
  • Site API is mounted for sites CRUD + site_nodes list; undestroy/site_node writes are not mounted.
  • Treat any unmounted plugin API route as resource_unavailable and avoid repeated retries.
Usage Guidance
This skill mostly does what it claims: an OAuth client and plugin API caller for gusnais.com. However: (1) the registry metadata incorrectly lists no required env vars while the code and SKILL.md require CLIENT_ID and CLIENT_SECRET — treat that as a packaging/integrity red flag and confirm the source before giving secrets; (2) the bootstrap and client scripts will persist client_secret, access_token, and refresh_token into a JSON file if you set TOKEN_STORE_PATH — store that file only in a safe location and prefer 0600 perms; (3) review the two included Python scripts yourself (they are bundled and will be run) or run them in a sandbox/isolated environment if you must test; (4) if you don't trust the publisher, prefer to perform the OAuth exchange manually and create a token-store yourself rather than handing CLIENT_SECRET to an unvetted skill. If the owner/publisher is unknown, ask for provenance, a canonical homepage, or a signed release before installing.
Capability Analysis
Type: OpenClaw Skill Name: gusnais-skill Version: 1.0.0 The skill bundle provides a legitimate and well-structured integration for the Gusnais (Homeland-compatible) API. It includes an OAuth bootstrap script (gusnais_bootstrap.py) and a plugin client (gusnais_plugin_client.py) that handle token management, automatic refreshing, and API interactions. The instructions in SKILL.md and the reference files emphasize security best practices, such as respecting server-side permission boundaries ('abilities'), avoiding privilege escalation, and setting restrictive file permissions (0o600) on stored credentials.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md, and included scripts consistently implement a Gusnais/Homeland-compatible API client using OAuth (CLIENT_ID/CLIENT_SECRET). That capability is coherent with the stated purpose. However the registry metadata declares no required environment variables even though the SKILL.md and scripts clearly require CLIENT_ID and CLIENT_SECRET (and optionally TOKEN_STORE_PATH). This mismatch is an integrity/packaging concern.
Instruction Scope
SKILL.md confines runtime actions to OAuth flow, token validation (/api/v3/users/me), reading the two reference docs, and using the two included scripts. The scripts only perform HTTP calls to the gusnais.com site and read/write a local token store JSON. They do not attempt broader system access or unexpected network endpoints. The instructions recommend persisting tokens to disk which expands scope (local file I/O) and should be considered.
Install Mechanism
No install script or external downloads are declared (instruction-only install). The code files are bundled with the skill; there is no remote fetch or archive extraction. This is lower-risk than arbitrary remote installs.
Credentials
The skill requires CLIENT_ID and CLIENT_SECRET (and may use OAUTH_CODE, REDIRECT_URI, TOKEN_STORE_PATH) to function, which is proportionate to an OAuth client. But the registry metadata lists no required env vars (incoherent). The scripts persist client_secret and refresh tokens into a JSON file (TOKEN_STORE_PATH) on disk, which increases sensitive data exposure and must be intentionally approved by the user.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes/updates a token-store JSON file and sets file permissions to 0600 — normal for a client but it does create persistent credentials on disk which raises confidentiality considerations for the user.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gusnais-skill
  3. After installation, invoke the skill by name or use /gusnais-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Gusnais Skill 一个面向 GUSNAIS 社区运营与自动化的 Agent Skill。只需 CLIENT_ID + CLIENT_SECRET 即可完成接入,并支持长期稳定调用(自动续期、401 自动重试、权限校验)。 它可以做的事: 自动获取社区最新话题、头条、笔记、站点内容 自动发布/更新头条文章(Press) 自动创建/编辑笔记(Note) 自动维护站点导航内容(Site) 对接招聘板块流程(Jobs) 统一处理权限与错误码(400/401/403/404/500),便于 Agent 稳定运行
Metadata
Slug gusnais-skill
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Gusnais Skill?

Gusnais (Ruby-China/Homeland compatible) API integration with web-parity behavior and permission-consistent UX. Use when users want to connect using only CLI... It is an AI Agent Skill for Claude Code / OpenClaw, with 215 downloads so far.

How do I install Gusnais Skill?

Run "/install gusnais-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Gusnais Skill free?

Yes, Gusnais Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Gusnais Skill support?

Gusnais Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Gusnais Skill?

It is built and maintained by GYURYONGKIM (@gyuryongkim); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments