← Back to Skills Marketplace
ghst
by
Nick Ludlam
· GitHub ↗
· v1.0.0
· MIT-0
116
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ghst
Description
Work with Ghost blogs using the ghst CLI tool. Supports full Ghost Admin API access including posts, pages, members, tags, newsletters, themes, stats, social...
README (SKILL.md)
ghst CLI Skill
This skill wraps the ghst CLI tool, which allows the agent to interact directly with any Ghost instance via the Ghost Admin API.
Prerequisites & Installation
For this skill to function, the ghst binary must be available in the system's $PATH.
Local Installation
Install the CLI globally using npm:
npm install -g @tryghost/ghst
Alternatively, you can run it via npx without a permanent installation (though this is slower for repeated agent tasks):
npx @tryghost/ghst --help
Docker / Containerized Environments
If you are running OpenClaw in Docker, ensure the ghst binary is included in your container image by adding the installation command to your Dockerfile:
RUN npm install -g @tryghost/ghst
Configuration & Authentication
To interact with a Ghost instance, the agent requires a Ghost API URL and a Ghost Staff Access Token. There are two main ways to achieve this within the ghst skill:
- Explicit flags:
--urland--staff-token - Environment variables:
GHOST_URLandGHOST_STAFF_ACCESS_TOKEN
Instructions for Bot Owners
- Navigate to your Ghost Admin panel.
- Go to Settings -> Staff (or Users) -> Edit your User Profile.
- At the bottom, generate or copy a Staff Access Token.
Option 1 — ~/.openclaw/.env (recommended for personal use)
Add the variables directly to your ~/.openclaw/.env file:
GHOST_URL="https://your-blog-url.ghost.io"
GHOST_STAFF_ACCESS_TOKEN="your-staff-access-token-id:secret"
Option 2: openclaw.json skill entry (per-skill injection)
In ~/.openclaw/openclaw.json, add an env block under your skill's entry:
{
"skills": {
"entries": {
"ghst": {
"enabled": true,
"env": {
"GHOST_URL": "https://your-blog-url.ghost.io",
"GHOST_STAFF_ACCESS_TOKEN": "your-staff-access-token-id:secret"
}
}
}
}
}
Once configured, restart your agent or wait for the config to be picked up.
Advanced Environment Variables
For complex setups, the following environment variables are supported:
| Variable | Description |
|---|---|
GHOST_URL |
Canonical URL of the Ghost instance. |
GHOST_STAFF_ACCESS_TOKEN |
{id}:{secret} for Admin API access. |
GHOST_CONTENT_API_KEY |
Hex key for Content API access (via ghst api --content-api). |
GHOST_API_VERSION |
Target API version (e.g., v5.0). Defaults to latest. |
GHOST_SITE |
Default site alias/profile to use. |
GHST_CONFIG_DIR |
Custom path for CLI configuration. |
GHST_OUTPUT |
Set to json to force JSON output globally. |
NO_COLOR |
Disable ANSI color sequences. |
Agent Guidelines & Usage
When operating the ghst skill, the agent must adhere to the following rules to ensure robust and safe usage.
1. Robust Scripting
- Always use
--jsonor--jq: Ensure your commands produce machine-readable JSON output rather than human-readable text.ghst post list --json ghst post list --json --jq '.posts[].title' - Use
--non-interactive: Since you are running in an automated environment, never issue commands that prompt for user input unexpectedly. Use--yesin combination with--non-interactivefor any required destructive operations that you have received user approval for.ghst comment delete \x3Ccomment-id> --yes --non-interactive - Non-Interactive Auth: If you need to authenticate a new site programmatically:
ghst auth login --non-interactive --url "https://blog.com" --staff-token "..."
2. Editing Posts and Pages
For detailed instructions on the "Read-Edit-Write" workflow to edit post or page lexical content (including minor rewording and URL changes), see the editing.md reference.
3. Searching and Filtering Posts and Pages
When you need to find specific posts or pages (e.g., by title, status, or tag), refer to the advanced filtering and NQL query examples documented in post.md and page.md.
Command Reference
Detailed documentation for each resource can be found in the references/ directory:
| Resource | Description |
|---|---|
ghst post |
Publish, schedule, and manage posts. |
ghst page |
Manage pages and static content. |
ghst tag |
Create and manage site tags. |
ghst member |
Manage members, imports, exports, and bulk operations. |
ghst socialweb |
ActivityPub feeds, profile management, and social interactions. |
ghst comment |
Moderate, hide, show, and delete comments. |
ghst newsletter |
Create and manage newsletters and bulk settings. |
ghst tier |
Manage membership tiers. |
ghst offer |
Create and manage subscription offers. |
ghst stats |
Site analytics, growth reporting, and post traffic. |
ghst setting |
Retrieve and update site-level settings. |
ghst image |
Upload media assets to Ghost. |
ghst theme |
Upload, activate, and validate site themes. |
ghst label |
Label management for members and content. |
ghst user |
Manage staff users and retrieve profile info. |
ghst site |
General site information. |
ghst webhook |
Configure and listen for Ghost webhooks. |
ghst migrate |
Import tools for WordPress, Medium, Substack, and CSV. |
ghst auth |
CLI authentication, site switching, and token management. |
ghst config |
CLI tool configuration and defaults. |
ghst api |
Direct raw API explorer for Admin and Content APIs. |
Example Workflows:
- Bulk Post Tagging:
ghst post bulk --filter "status:draft" --update --add-tag "Release" - Member Cleanup:
ghst member bulk --filter "status:free" --action delete --yes --non-interactive - Analytics Export:
ghst stats posts --range 30d --csv --output ./report.csv - Social Interaction:
ghst socialweb note --content "Hello from the CLI"
4. Safe Operation & Protections
- Approvals & Notices: You must explicitly ask the user before performing destructive commands or bulk updates. Note: The CLI emits
GHST_AGENT_NOTICE:lines onstderrwhen a manual confirmation is interrupted. If you see this, you must stop and ask the user for explicit approval. - Destructive Commands: Always use
--yes --non-interactivefor the following once approved:ghst member bulk --action deleteghst label bulk --action deleteghst socialweb deleteghst auth logoutghst auth link(when replacing active link)
- File Safety: CLI tools like
member exportandmigrate exportwill refuse to overwrite existing files. Check for file existence before exporting if necessary. - Security Check: Never print or output sensitive tokens (e.g., values coming from
ghst auth tokenorconfig --show-secrets) into the chat unprompted. Treat them as privileged credentials.
Usage Guidance
This skill appears to be what it claims: a wrapper around the ghst CLI for managing Ghost sites. Before installing, consider: (1) The GHOST_STAFF_ACCESS_TOKEN is an admin-level secret—only provide it for sites you trust and store it in a secure location (per-skill openclaw.json or a secured ~/.openclaw/.env). (2) Installing via npm/@tryghost/ghst is standard, but npm packages can run install scripts—prefer obtaining the package from the official TryGhost source (the declared homepage is the official repo). If you want to reduce blast radius, run the CLI via npx (no global install) and/or limit the token's lifetime or scope and rotate it after enabling the skill. (3) If you do not want the agent to act autonomously with this credential, disable or un-enable the skill when not required or adjust agent invocation settings. Overall, the skill is coherent and expected for managing Ghost, but treat the staff token as highly sensitive.
Capability Analysis
Type: OpenClaw Skill
Name: ghst
Version: 1.0.0
The skill is a well-documented wrapper for the official Ghost CLI tool (@tryghost/ghst), providing comprehensive access to the Ghost Admin API. It includes detailed reference files for various resources (posts, members, themes, etc.) and explicitly instructs the AI agent to follow safe practices, such as requesting user approval for destructive actions and avoiding the disclosure of sensitive API tokens in chat. No indicators of data exfiltration, malicious execution, or prompt injection were found.
Capability Assessment
Purpose & Capability
Name/description, required binary (ghst), required env vars (GHOST_URL, GHOST_STAFF_ACCESS_TOKEN), and the declared npm package (@tryghost/ghst) all align with the stated purpose of providing Ghost Admin API access via the ghst CLI.
Instruction Scope
SKILL.md contains explicit, scoped runtime instructions for using the ghst CLI (use --json, non-interactive flags, read/write lexical files, etc.). It only references files and env vars relevant to Ghost operations (e.g., content.json, ~/.openclaw/.env, openclaw.json). There are no instructions to read unrelated system files or to send data to unexpected external endpoints.
Install Mechanism
Install is via the npm package @tryghost/ghst or run via npx. This is the expected mechanism for a Node CLI; npm installs can run lifecycle scripts (moderate risk), but the package and install method are coherent with the CLI nature of the skill and not unusual for the stated purpose.
Credentials
Requested env vars are limited and relevant (GHOST_URL and GHOST_STAFF_ACCESS_TOKEN). Note: a staff access token grants full Admin API privileges for the site and is therefore highly sensitive—requiring it is proportionate but requires careful handling by the user (store securely, restrict scope, rotate if exposed). Optional additional env vars listed are reasonable for configuration and are not required by default.
Persistence & Privilege
The skill does not request permanent 'always' inclusion, does not modify other skills or global config beyond per-skill openclaw.json guidance, and uses the platform's normal autonomous invocation defaults. No elevated persistence is requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ghst - After installation, invoke the skill by name or use
/ghst - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the ghst skill.
- Introduces integration with the ghst CLI for full Ghost Admin API support.
- Enables management of posts, pages, members, tags, newsletters, themes, stats, social web, and more.
- Requires Ghost site URL and staff access token for authentication, via environment variables or per-skill config.
- Provides robust agent operation guidelines, including non-interactive and JSON output requirements.
- Includes references and examples for safe operation, bulk actions, and advanced API usage.
Metadata
Frequently Asked Questions
What is ghst?
Work with Ghost blogs using the ghst CLI tool. Supports full Ghost Admin API access including posts, pages, members, tags, newsletters, themes, stats, social... It is an AI Agent Skill for Claude Code / OpenClaw, with 116 downloads so far.
How do I install ghst?
Run "/install ghst" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ghst free?
Yes, ghst is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ghst support?
ghst is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ghst?
It is built and maintained by Nick Ludlam (@nickludlam); the current version is v1.0.0.
More Skills