← 返回 Skills 市场
Sanity Cms
作者
David Larrabee
· GitHub ↗
· v1.0.2
· MIT-0
108
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install sanity-cms
功能描述
Publish content to any Sanity CMS instance. Use when asked to create a Sanity draft, push a document to Sanity, upload an image asset to Sanity, or convert c...
安全使用建议
What to check before installing/using this skill:
- Metadata mismatch: the registry entry lists no required env vars or binaries, but SKILL.md and scripts require SANITY_PROJECT_ID and a write-enabled SANITY_API_TOKEN and expect curl, bash, and python3. Treat the registry metadata as incomplete and verify requirements before running.
- Token scope: only provide a SANITY_API_TOKEN with the minimum necessary privileges (prefer a token limited to a staging dataset or Editor role scoped to specific datasets). Avoid supplying a global/owner token.
- Supply env vars transiently: prefer giving the API token only for a single invocation rather than storing it long-term in the agent environment or persistent config.
- Inspect the script yourself: the included scripts/publish_draft.sh is short and readable; verify it meets your expectations (it posts to https://<project>.api.sanity.io and uses your token only for those calls).
- Workspace/file access: the skill can read schema files from your workspace or fetch remote schema URLs; do not let it read sensitive files you don't intend to expose.
- Test safely: try on a staging dataset (SANITY_DATASET=staging) or with a token that cannot delete or manage production data first.
- Trust and provenance: the skill has no homepage and an unknown source; if you do not trust the publisher, avoid giving write credentials. If you need autonomous agent invocation combined with write access, be especially cautious.
If you want, I can (1) list the exact lines where the script requires env vars and external tools, (2) produce a minimal checklist to run the script safely, or (3) suggest a hardened invocation example that uses least privilege and staging.
功能分析
Type: OpenClaw Skill
Name: sanity-cms
Version: 1.0.2
The skill bundle provides legitimate functionality for interacting with Sanity CMS, allowing an agent to upload images and publish documents. The shell script 'scripts/publish_draft.sh' and the instructions in 'SKILL.md' are well-structured and align perfectly with the stated purpose of content management. While the script uses shell variable interpolation within a Python heredoc (a potential injection vulnerability if file paths are maliciously crafted), there is no evidence of intentional malice, data exfiltration, or unauthorized access. All network activity is directed to the official Sanity API (sanity.io).
能力评估
Purpose & Capability
Name, description, SKILL.md, references, and the shell script are coherent: the skill uploads images and pushes documents to a Sanity Content API using a project ID and write token — behavior matches stated purpose.
Instruction Scope
SKILL.md instructs the agent to read schema files from the workspace, accept pasted schema, fetch remote URLs via web_fetch, or introspect the dataset via Sanity API. These actions are reasonable for generating compatible documents but do allow the skill to read workspace files and fetch remote content — verify you want those accesses.
Install Mechanism
No install spec (instruction-only plus a bundled script). This is low-install risk. Note: the bundled script will be executed by bash and invokes curl and python3 at runtime; the registry did not declare these as required binaries.
Credentials
SKILL.md and the script require SANITY_PROJECT_ID and a write-enabled SANITY_API_TOKEN (sensitive). However the registry metadata lists no required env vars. Also the script relies on curl and python3 though required binaries are not declared. Asking for a write token is proportional to the task, but the metadata omission is an incoherence and increases the chance a user will accidentally provide more persistent credentials than intended.
Persistence & Privilege
The skill is not marked always:true and does not request persistent agent privileges. It does not modify other skills or system config. Autonomous invocation is enabled (default) but not combined here with other broad privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sanity-cms - 安装完成后,直接呼叫该 Skill 的名称或使用
/sanity-cms触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Expanded schema discovery options: now supports reading schemas from workspace files, chat pastes, remote URLs, or direct API introspection without a file.
- Added details for API-driven schema discovery (listing types and inferring fields from sample documents).
- Clarified instructions for handling missing schema files and using GROQ queries.
- Documentation in SKILL.md updated for improved usability and guidance.
v1.0.1
- Update scripts/publish_draft.sh (details not specified).
- No changes to usage instructions, env vars, or workflow.
- Documentation and overall skill functionality remain unchanged.
v1.0.0
Initial release of sanity-cms skill:
- Enables publishing content to any Sanity CMS instance using the Content API.
- Supports all Sanity document types and schemas, not limited to blog posts.
- Draft creation and flexible publishing workflow via a bash script.
- Handles image uploads and reference fields according to schema requirements.
- Requires SANITY_PROJECT_ID and SANITY_API_TOKEN environment variables for authentication.
元数据
常见问题
Sanity Cms 是什么?
Publish content to any Sanity CMS instance. Use when asked to create a Sanity draft, push a document to Sanity, upload an image asset to Sanity, or convert c... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 108 次。
如何安装 Sanity Cms?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sanity-cms」即可一键安装,无需额外配置。
Sanity Cms 是免费的吗?
是的,Sanity Cms 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Sanity Cms 支持哪些平台?
Sanity Cms 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Sanity Cms?
由 David Larrabee(@squidpunch)开发并维护,当前版本 v1.0.2。
推荐 Skills