← 返回 Skills 市场
Miro CLI
作者
bigbubbaagent-bot
· GitHub ↗
· v1.0.5
· MIT-0
280
总下载
1
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install miro-cli
功能描述
Miro CLI tool for board/team/org management via command line. Use when querying boards, exporting data, viewing teams/organizations, or automating Miro workf...
安全使用建议
This skill is a wrapper around an external npm tool (mirocli). Before installing: 1) Verify the npm package and GitHub repo (review source, recent commits/issues, and maintainer reputation). 2) Prefer testing in an isolated environment or container and with a non-production Miro account. 3) Understand that npm install -g executes package install scripts—avoid installing globally on sensitive machines until reviewed. 4) Confirm where mirocli stores tokens (~/.mirocli and system keyring) and inspect that directory after first run. 5) Ask the skill publisher to correct the manifest to list required credentials (org id, client id, client secret) so the metadata matches the runtime instructions. If you cannot or do not want to trust a third-party npm binary with your Client Secret, do not install this skill.
功能分析
Type: OpenClaw Skill
Name: miro-cli
Version: 1.0.5
The miro-cli skill is a legitimate wrapper for the third-party 'mirocli' npm package (davitp/mirocli) used for Miro platform management. It includes standard helper scripts (export-team-boards.sh, list-boards-detailed.sh) and provides extensive documentation regarding its trust model and the secure handling of credentials via the system keyring. No indicators of malicious intent, data exfiltration, or unauthorized execution were found.
能力评估
Purpose & Capability
The SKILL.md clearly requires OAuth credentials (org id, client id, client secret) and documents interactive credential setup, which aligns with the stated Miro CLI purpose. However the registry metadata lists no required environment variables or primary credential, creating a manifest/metadata mismatch that is unexplained.
Instruction Scope
Runtime instructions and helper scripts only call the external mirocli binary, jq, and standard shell tools; they instruct interactive OAuth setup and store secrets via the external tool's system keyring. The instructions do not read unrelated system files or post data to unexpected endpoints.
Install Mechanism
Installation uses an npm package (davitp/mirocli) which is a public community package (moderate risk). There are no ad-hoc downloads from unknown servers. npm install -g runs maintainer-provided install scripts—verify the package source and recent activity before installing globally.
Credentials
The skill requires OAuth credentials per SKILL.md (Client ID/Secret, Org ID) but the skill's declared registry requirements list no required env vars or primary credential. The credential handling is delegated to the external binary (mirocli) and said to be stored in the system keyring, but the manifest should explicitly declare the credential requirements to match the instructions.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does recommend installing a global npm binary (which writes to system/global npm locations) and suggests adding the scripts directory to PATH—both are normal but worth caution.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install miro-cli - 安装完成后,直接呼叫该 Skill 的名称或使用
/miro-cli触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.5
METADATA FIX: Flatten and simplify frontmatter structure. Move credentials to top-level required_credentials declaration. Add explicit metadata section with trust_model: external-binary-managed-credentials. Clarify security model with capabilities/limitations/external_binary/credential_storage declarations. Fix registry metadata mismatch that was flagging credentials inconsistency in security scanner.
v1.0.4
CRITICAL FIX: Move credentials from nested metadata to top-level registry 'requires' section - fixes ClawHub platform security review mismatch where registry showed 'no required credentials' while SKILL.md listed 3 required credentials. Registry now correctly declares: bins (mirocli, jq, column) and credentials (miro_org_id, miro_client_id, miro_client_secret)
v1.0.3
ClawHub review fixes: (1) Declare all binary dependencies (jq, column) with verification notes; (2) Add explicit trust model section; (3) Require verification of mirocli npm package authenticity; (4) Replace PATH modification suggestion with safer alternatives; (5) Add security warnings about external binary reliance and credential handling
v1.0.2
Fix: Add proper metadata, security documentation, and credential declarations for ClawHub review compliance
v1.0.1
Security fix: Remove hardcoded organization/client IDs from documentation
v1.0.0
Initial release: Comprehensive CLI tool for Miro board management, team views, and board exports
元数据
常见问题
Miro CLI 是什么?
Miro CLI tool for board/team/org management via command line. Use when querying boards, exporting data, viewing teams/organizations, or automating Miro workf... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 280 次。
如何安装 Miro CLI?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install miro-cli」即可一键安装,无需额外配置。
Miro CLI 是免费的吗?
是的,Miro CLI 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Miro CLI 支持哪些平台?
Miro CLI 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Miro CLI?
由 bigbubbaagent-bot(@bigbubbaagent-bot)开发并维护,当前版本 v1.0.5。
推荐 Skills