← 返回 Skills 市场
Miro Management
作者
Stanislav Stankovic
· GitHub ↗
· v1.1.0
· MIT-0
54
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install miro-management
功能描述
Manage Miro through the Miro REST API using OAuth 2.0, saved token files, or direct access tokens. Use when the user wants to connect a personal or local Mir...
安全使用建议
This skill appears to be a legitimate Miro API helper, but take these precautions before installing or enabling it: 1) Review scripts/miro_api.py (especially the serve-oauth-callback handler) to confirm it binds only to localhost and doesn't send tokens to unexpected endpoints. 2) Know that the skill expects Miro credentials (client ID/secret, redirect URI, or access token) even though the registry metadata doesn't declare them — don't place secrets inside the skill folder; prefer environment variables or a local token file with restrictive filesystem permissions. 3) Ensure you have a Python 3 runtime available; the metadata doesn't declare this dependency. 4) Be cautious with the 'raw' and 'preview-write' commands: they can send arbitrary API requests. 5) If you want to limit risk, require explicit user invocation (do not allow autonomous invocation) or avoid granting long-lived tokens; prefer short-lived or scoped tokens and review token storage location (.miro/tokens.json) for proper permissions. If you want a higher-assurance decision, request the full, untruncated miro_api.py serve-oauth-callback implementation and confirm no network calls target hosts other than miro.com/api endpoints.
功能分析
Type: OpenClaw Skill
Name: miro-management
Version: 1.1.0
The miro-management skill bundle is a legitimate tool for interacting with the Miro REST API. It includes a Python script (scripts/miro_api.py) that handles OAuth 2.0 flows, token management, and various board operations (listing, creating, and exporting items) using standard libraries. The instructions in SKILL.md emphasize security best practices, such as keeping secrets outside the skill folder and confirming write actions. The local OAuth callback server is a standard implementation for CLI-based authorization and is restricted to localhost by default.
能力标签
能力评估
Purpose & Capability
The name, description, SKILL.md, reference docs, and the included scripts/miro_api.py consistently implement a Miro REST API client (OAuth flow, token refresh, board/item operations, exports, raw requests). The requested operations and code match the described purpose.
Instruction Scope
Runtime instructions focus on OAuth, token files, and direct tokens and explicitly warn not to bundle secrets. The skill exposes a raw request/preview-write capability which allows sending arbitrary API calls; the SKILL.md recommends confirming payloads before writes. The callback helper (serve-oauth-callback) and raw request functionality merit inspection in the script to ensure they only bind to localhost and do not leak data elsewhere.
Install Mechanism
No install spec (instruction-only) — lowers supply-chain risk. However, the package includes a Python script but the registry metadata lists no required binaries; the skill implicitly requires a Python 3 runtime to run scripts/miro_api.py. This omission is a transparency issue (the platform cannot warn users or provision the runtime automatically).
Credentials
The SKILL.md and script reference environment variables (MIRO_CLIENT_ID, MIRO_CLIENT_SECRET, MIRO_REDIRECT_URI, MIRO_ACCESS_TOKEN) and use local token files, but the registry metadata declares no required env vars or primary credential. The skill legitimately needs Miro credentials, but the metadata omission prevents automated gating and increases risk of accidental secret exposure.
Persistence & Privilege
always:false and normal model invocation settings are appropriate. The skill does not request elevated platform persistence or modify other skills. Note: because it can be invoked autonomously (the platform default), granting it access to live Miro tokens would allow it to perform API actions; restrict automatic invocation if you do not want background writes.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install miro-management - 安装完成后,直接呼叫该 Skill 的名称或使用
/miro-management触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Add update commands for sticky notes/text/shapes/cards, reusable brainstorming/kanban/architecture helpers, and verify ClawHub distribution path.
v1.0.0
Initial public release: Miro REST API skill with OAuth/direct-token support, board/item operations, exports, connectors, webhook helpers, and safe preview-write mode.
元数据
常见问题
Miro Management 是什么?
Manage Miro through the Miro REST API using OAuth 2.0, saved token files, or direct access tokens. Use when the user wants to connect a personal or local Mir... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 54 次。
如何安装 Miro Management?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install miro-management」即可一键安装,无需额外配置。
Miro Management 是免费的吗?
是的,Miro Management 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Miro Management 支持哪些平台?
Miro Management 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Miro Management?
由 Stanislav Stankovic(@stanestane)开发并维护,当前版本 v1.1.0。
推荐 Skills