← 返回 Skills 市场
thomasoscar

OpenClaw-Halo-CMS

作者 Thomas_Oscar · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
104
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-halo-cms
功能描述
博客文章管理技能。当用户提到"发文章"、"写博客"、"Halo"、"发帖"、 "回复评论"、"博客管理"等关键词时使用此技能。
安全使用建议
Do not install or run this skill until the author clarifies and/or fixes the credential handling. Specific things to verify or request from the author: (1) Why does SKILL.md declare HALO_PAT_TOKEN (Bearer) while the script uses HALO_USER/HALO_PASS (Basic)? The code should be updated to use the documented credential or the metadata updated to list the envs the script actually needs. (2) Remove or make optional the .env.halo workspace scan — reading parent directories can expose unrelated secrets; prefer explicit env vars only. (3) Document HALO_URL, HALO_USER, HALO_PASS, and OPENCLAW_WORKSPACE in the metadata if they are required. (4) Review the full script (the provided file was truncated) to ensure there are no hidden endpoints or data-exfiltration behaviors. If you must test it, run it in an isolated sandbox with minimal test credentials and set HALO_URL to a controlled test server. Avoid placing real credentials in workspace files until the mismatch is resolved.
功能分析
Type: OpenClaw Skill Name: openclaw-halo-cms Version: 1.0.0 The skill bundle is a legitimate tool for managing a Halo CMS instance. The Python script (scripts/halo_api.py) implements standard blog management functions such as listing, creating, and publishing posts using the Halo REST API. Notably, the script includes a `_check_content_safety` function that uses regex to warn the user if they are about to post sensitive information like passwords or API keys. The SKILL.md instructions also include defensive prompts requiring the agent to seek user confirmation before publishing and to avoid leaking system configurations, which aligns with the stated purpose and security best practices.
能力评估
Purpose & Capability
The skill's name/description (Halo blog management) matches the code's operations (listing, creating, publishing posts, replying to comments). However the declared primary credential (HALO_PAT_TOKEN, Bearer JWT) in SKILL.md/metadata is not used by the code; instead the script resolves HALO_USER/HALO_PASS (Basic auth) and reads .env.halo files. This is an incoherence between stated purpose/requirements and actual credential usage.
Instruction Scope
SKILL.md instructs the agent to run scripts/halo_api.py and specifies Bearer PAT usage and safety constraints, but the script: (1) does not use HALO_PAT_TOKEN, (2) searches for a .env.halo file in the workspace and parent dirs (reads files outside the skill bundle), and (3) relies on HALO_USER/HALO_PASS and HALO_URL. The script therefore accesses environment and filesystem state beyond the declared inputs — this is scope creep and a possible source of secret exposure.
Install Mechanism
No install spec is provided (instruction-only skill plus a Python script). Nothing is downloaded or executed at install time; risk from install mechanism is low. The runtime risk comes from the included script's behavior, not from an installer.
Credentials
Metadata declares only HALO_PAT_TOKEN as required, but the script uses/reads HALO_USER, HALO_PASS, HALO_URL, and OPENCLAW_WORKSPACE, plus scanning .env.halo files for credentials. Required envs and file reads are not proportional to the declared HALO_PAT_TOKEN: either the metadata is wrong or the code is misaligned. The script may therefore access credentials the user did not expect to be used.
Persistence & Privilege
always is false, no automatic persistence or modification of other skills is present in the manifest. The skill does not request elevated persistence privileges in the registry metadata.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-halo-cms
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-halo-cms 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the halo-cms skill for managing blog articles and comments via Halo REST API. - Supports listing, creating, and publishing blog posts. - Enables listing categories and tags. - Allows replying to comments. - Requires `HALO_PAT_TOKEN` for API authentication. - Enforces strict safety and privacy rules before publishing articles.
元数据
Slug openclaw-halo-cms
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

OpenClaw-Halo-CMS 是什么?

博客文章管理技能。当用户提到"发文章"、"写博客"、"Halo"、"发帖"、 "回复评论"、"博客管理"等关键词时使用此技能。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 104 次。

如何安装 OpenClaw-Halo-CMS?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-halo-cms」即可一键安装,无需额外配置。

OpenClaw-Halo-CMS 是免费的吗?

是的,OpenClaw-Halo-CMS 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

OpenClaw-Halo-CMS 支持哪些平台?

OpenClaw-Halo-CMS 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 OpenClaw-Halo-CMS?

由 Thomas_Oscar(@thomasoscar)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论