Honeybook
Author: chrischall · GitHub · v0.1.10 · MIT-0
Total downloads: 140
Favorites: 0
Current installs: 0
Versions: 7
Install in OpenClaw
/install honeybook
Description
This skill should be used when the user asks about HoneyBook client-portal data. Triggers on phrases like "check HoneyBook", "sign contract", "pay invoice",...
Usage instructions (SKILL.md)
honeybook-mcp
MCP server for HoneyBook's client portal — 8 tools for viewing contracts and invoices across multiple wedding vendors, with magic-link session capture and deep-link fallback for signing and paying.
Tools
- use_magic_link — Capture a session from a vendor magic-link URL
- list_active_sessions — Show currently active portal sessions
- list_workspace_files — All files one vendor has shared (filter by type)
- get_workspace_file — Full detail for one file
- get_workspace — Workspace detail + status flags
- list_payment_methods — Saved payment methods
- sign_contract — Deep link to sign in portal (requires confirm:true)
- pay_invoice — Deep link to pay in portal (requires confirm:true)
Workflows
- First time → user pastes magic-link URL from vendor email → use_magic_link → session captured
- "What contracts haven't I signed?" → list_workspace_files with file_type=agreement, filter by is_file_accepted=false
- "Summarize my HB status with Silk Veil" → get_workspace (status flags) + list_workspace_files
- "Send me a link to sign the photographer's contract" → list_workspace_files → sign_contract with confirm:true
- "Which invoices are overdue?" → list_workspace_files with file_type=invoice, sort by due date
Notes
- Each vendor = separate session keyed by portal origin (e.g. https://acme.hbportal.co)
- Sessions cached in ~/.honeybook-mcp/sessions.json (mode 0600)
- Write tools (sign_contract, pay_invoice) return deep links in v2
- Session expires → re-run use_magic_link with a fresh URL from the vendor's email
Security usage recommendations
This skill appears to implement HoneyBook portal operations but has important gaps and ambiguities. Before installing or using it: (1) do not paste magic-link URLs (they contain access tokens) into an agent you don't fully trust; (2) ask the skill author to declare the config path(s) and to explain how sessions.json is stored and protected (encryption at rest, TTL for tokens, exact contents); (3) insist that write operations (signing, paying) require an explicit, human-confirmed step and that the skill return deep links instead of auto-submitting payments; (4) get clarity on how the agent 'captures' magic links (it should require the user to paste the link manually and never try to read email/clipboard without explicit permission); and (5) consider rejecting the skill or using it only in a tightly controlled environment until the author fixes the metadata (declare config paths) and documents safety/privacy controls. If the author provides those clarifications and limits persistence of sensitive tokens, reassess — otherwise treat the skill with caution.
Functional analysis
Type: OpenClaw Skill
Name: honeybook
Version: 0.1.10
The honeybook skill bundle provides a standard Model Context Protocol (MCP) interface for managing HoneyBook client portal data, such as contracts and invoices. The documentation (SKILL.md) describes legitimate workflows for session management using magic links and local storage in ~/.honeybook-mcp/sessions.json with appropriate file permissions (0600). No malicious instructions, prompt injection attempts, or indicators of unauthorized data exfiltration were found in the provided metadata or skill instructions.
Capability assessment
Purpose & Capability
The skill's stated purpose (viewing/signing/paying HoneyBook portal items) is plausible for the listed tools, but the SKILL.md references a persistent session cache at ~/.honeybook-mcp/sessions.json even though the skill metadata declared no required config paths. Requesting no credentials is plausible if using magic links, but the persistent storage of session tokens should have been declared and justified.
Instruction Scope
The instructions say the agent 'captures a session from a vendor magic-link URL' but do not specify how that capture happens (user paste only, reading clipboard, fetching email, or scripting a browser). That vagueness could let the agent attempt broad actions to obtain tokens. The SKILL.md also directs writing session state to the user's home directory and performing write actions (sign_contract, pay_invoice) that require explicit confirmation but otherwise could enable transactions.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so there is no installer risk or arbitrary downloads.
Credentials
No environment variables or credentials are declared, which is consistent with using magic links, but the skill claims to list payment methods and store sessions (sensitive data) without declaring or explaining storage/encryption. The absence of declared config paths contradicts the SKILL.md reference to a specific sessions.json path.
Persistence & Privilege
The skill persists session tokens in ~/.honeybook-mcp/sessions.json (mode 0600) per SKILL.md, which is a lasting, sensitive artifact. Although always:false and autonomous invocation are normal, persistent session storage increases the blast radius if the agent or skill is compromised and the path was not declared up front.
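How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install honeybook
- Once installation completes, invoke the Skill by name or trigger it with /honeybook
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history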
v0.1.10
No changes detected for version 0.1.10.
- No updates or modifications were made in this release.
v0.1.9
No changes detected in this version.
- No file or documentation changes found for version 0.1.9.
- Functionality and description remain the same as the previous release.
v0.1.8
No user-facing changes in this release.
- Version bump only; no files were modified.
- All features and workflows remain unchanged.
v0.1.7
No user-facing changes in this release.
- Version bumped to 0.1.7
- No file changes detected
v0.1.6
No changes detected in this version.
- Version 0.1.6 was released with no file modifications or updates to features, tools, or documentation.
v0.1.5
No changes detected in this version.
- The SKILL.md and related files remain unchanged from the previous version.
v0.1.4
HoneyBook skill v0.1.4
- Added detailed skill overview, triggers, and tool descriptions to SKILL.md
- Clarified use-cases and workflows for managing contracts, invoices, and payments across multiple wedding vendors
- Documented input triggers for the skill, including common user requests and phrases
- Outlined security and session-handling behavior for portal access
- Updated documentation to guide users on how to check contract and invoice statuses, sign contracts, and pay invoices via deep links
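FAQ
What is Honeybook?
This skill should be used when the user asks about HoneyBook client-portal data. Triggers on phrases like "check HoneyBook", "sign contract", "pay invoice",... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 140 total downloads to date.
How do I install Honeybook?
Run the command "/install honeybook" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.
Is Honeybook free?
Yes, Honeybook is completely free and is released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does Honeybook support?
Honeybook runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who develops Honeybook?
Developed and maintained by chrischall (@chrischall); the current version is v0.1.10.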