← 返回 Skills 市场
92
总下载
0
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install halo-blog
功能描述
Use when managing a Halo blog instance via CLI, including authentication, posts, pages, themes, plugins, attachments, backups, comments, moments, notificatio...
使用说明 (SKILL.md)
Halo Blog CLI Skill
A command-line tool skill for managing Halo blog instances.
Installation
npm install -g @halo-dev/cli
Verify:
halo --version
halo --help
Requirements: Node.js >= 22
Quick Start
-
Authenticate (see references/auth.md):
halo auth login --profile local --url http://127.0.0.1:8090 --auth-type bearer --token \x3Ctoken> -
Create a post from Markdown (see content.md for full format rules):
halo post import-markdown --file ./article.md --forceMarkdown files are automatically converted to HTML by default; if conversion fails, falls back to raw Markdown import.
-
List posts:
halo post list
Command Areas
| Area | Commands | Reference |
|---|---|---|
| Authentication | halo auth * |
auth.md |
| Publishing Rules | Markdown → HTML workflow, front matter, visibility checks | publishing.md |
| Posts & Pages | halo post *, halo single-page * |
content.md |
| Themes, Plugins, Attachments, Backups, Moments | halo theme *, halo plugin *, halo attachment *, halo backup *, halo moment * |
operations.md |
| Comments & Notifications | halo comment *, halo notification * |
moderation.md |
| Public Search | halo search * |
search.md |
Shared Conventions
- Profile selection: Use
--profile \x3Cname>when working with multiple Halo instances. - JSON output: Use
--jsonfor scripted or automated workflows. - Non-interactive safety: Destructive commands (
delete,uninstall, overwrite imports) usually require--forcewhen run non-interactively. - Basic Auth requirement: If using basic auth instead of bearer token, ensure Halo is started with
--halo.security.basic-auth.disabled=false.
Common Workflows
Switch between environments
halo auth profile list
halo auth profile use production
Export and import a post
halo post export-json my-post --output ./post.json
halo post import-json --file ./post.json --force
Publish via Markdown file
halo post import-markdown --file ./article.md --force
Upgrade all App Store themes/plugins
halo theme upgrade --all
halo plugin upgrade --all --yes
Search public content without login
halo search --keyword "halo" --url https://www.halo.run
Troubleshooting
- Login fails with anonymous user: Basic auth is likely disabled on the Halo server. Add
--halo.security.basic-auth.disabled=falseto Halo startup flags. - Credential issues: Run
halo auth profile doctorto diagnose keyring/config problems. - Profile not found: Ensure
--profilematches an existing profile fromhalo auth profile list.
安全使用建议
This skill appears to do what it says: it wraps and documents the Halo CLI and includes a helper script to publish Markdown. Before installing/using: (1) verify the source of the @halo-dev/cli npm package (check the npm registry/homepage) and ensure you trust the halo binary you install; (2) be aware npm/npx will download packages at install/run time; (3) avoid running destructive or non-interactive commands (plugin/theme install from arbitrary URLs, --yes/--force) unless you trust the target URL and know the effect; (4) protect your Halo credentials (they live in ~/.config/halo and the system keyring) and do not paste them into untrusted places; (5) the helper script prints a hardcoded example domain (blog.codingshen.top) in its output — that is just a placeholder and not contacted by the script. If you want higher assurance, review the @halo-dev/cli package and run commands in a sandboxed environment first.
功能分析
Type: OpenClaw Skill
Name: halo-blog
Version: 1.0.5
The skill bundle contains a shell script `scripts/md-to-html-post.sh` that is highly vulnerable to command injection. It interpolates shell variables (extracted from Markdown front matter) directly into a Python command string executed via `python3 -c`, which could lead to arbitrary code execution if a processed file contains a malicious title or slug. Additionally, the script and documentation (`references/publishing.md`) contain hardcoded references to a specific personal domain (`blog.codingshen.top`) and profile names (`blog-danke`), suggesting the bundle is either a non-generic personal tool or contains leftover configurations that could lead to unintended data being sent to a specific external site.
能力标签
能力评估
Purpose & Capability
Name/description ask for a Halo CLI helper and the skill only requires the 'halo' binary and documents using the @halo-dev/cli npm package and related CLI commands. Files and examples (posts, themes, attachments, backups, comments, search) are coherent with Halo blog administration.
Instruction Scope
SKILL.md and reference docs instruct the agent/user to run halo CLI commands, convert Markdown to HTML (via npx marked or local tools) and run small helper scripts. This is within scope. Notes of caution: (1) publishing.md and references describe generating/uploading cover images and instruct confirming generated images in the current conversation — if an agent automates that step it could send generated images or content to whatever endpoint the agent uses; (2) operations/publishing allow installing/upgrading themes/plugins from arbitrary URLs and provide flags like --yes/--force to skip confirmations, which is expected but potentially dangerous if used non-interactively.
Install Mechanism
There is no automatic install spec (instruction-only). SKILL.md advises 'npm install -g @halo-dev/cli' and uses 'npx marked' for conversion — both will fetch packages from the npm registry at install/run time. This is proportional to the task (Markdown conversion and CLI install) but implies network downloads from npm which the user should vet.
Credentials
The skill requests no environment variables or credentials. References explain where Halo stores config (~/.config/halo/config.json) and the system keyring, which is expected for a CLI tool. No unexpected secrets or unrelated environment access is requested.
Persistence & Privilege
always is false, the skill is user-invocable and can be called autonomously (platform default). The skill doesn't request persistent system modifications beyond running the halo CLI (which will manage its own config). The included script uses temporary directories and cleans up after itself.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install halo-blog - 安装完成后,直接呼叫该 Skill 的名称或使用
/halo-blog触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.5
Update: 封面图规范增加信息丰富度要求,需能概括文章核心内容而非简单装饰
v1.0.4
Fix: 明确说明 --categories 按 displayName 匹配而非 slug,避免重复分类创建
v1.0.3
Fix: AI 生成声明使用正确的 annotation keys (ai_generated + ai_generated_desc)
v1.0.2
Add: import-json 后会重置为 DRAFT,必须重新 publish 的警告
v1.0.1
Remove: AI生成标签强制要求;Add: AI生成声明作为必选元数据步骤
v1.0.0
Initial release of the Halo Blog CLI management skill.
- Provides CLI commands for authentication, posting, managing pages, themes, plugins, attachments, backups, comments, and public search in Halo blog instances.
- Offers step-by-step setup instructions and highlights key workflows (e.g., blog auth login, post import/export, Markdown publishing).
- Documents shared conventions for multi-profile management, JSON output, and safety flags for destructive actions.
- Includes troubleshooting guidance for authentication and profile issues.
元数据
常见问题
Halo Blog 是什么?
Use when managing a Halo blog instance via CLI, including authentication, posts, pages, themes, plugins, attachments, backups, comments, moments, notificatio... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 92 次。
如何安装 Halo Blog?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install halo-blog」即可一键安装,无需额外配置。
Halo Blog 是免费的吗?
是的,Halo Blog 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Halo Blog 支持哪些平台?
Halo Blog 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Halo Blog?
由 AlexShen(@alex-shen1121)开发并维护,当前版本 v1.0.5。
推荐 Skills