ClawHub

Coze Cli

v0.1.0

Interact with Coze CLI (@coze/cli) — create/deploy Coze projects, manage spaces and organizations, send messages to projects, generate images/audio/video, an...

0· 73·0 current·0 all-time
by@cengsin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions and included command reference. All referenced environment variables and config paths (COZE_ORG_ID, COZE_SPACE_ID, COZE_PROJECT_ID, COZE_CONFIG_FILE, ~/.coze/config.json, .cozerc.json, etc.) are coherent with a CLI that manages Coze projects and CI/CD usage. No unrelated credentials, binaries, or surprising access are requested.
Instruction Scope
SKILL.md only instructs the agent to run Coze CLI commands and manage local Coze config. It explicitly describes sending local files or piping stdout into `coze code message send` (expected for code/project workflows). Note: those message commands can access local files you reference or pipe in, and the OAuth flow will open a browser and store auth state (e.g., in ~/.coze/config.json). This is expected but worth user awareness.
Install Mechanism
There is no install spec in the skill bundle (instruction-only). The README/SKILL.md recommend installing `@coze/cli` via `npm install -g @coze/cli`, which is a normal public package install pattern. The skill itself does not download or execute code automatically.
Credentials
No secrets or unrelated environment variables are required by the skill. The env vars listed are service-specific (org/space/project/config file) and proportionate to CLI usage. No AWS/GCP/other cloud credentials or generic SECRET/TOKEN variables are requested.
Persistence & Privilege
Skill is not always-enabled and does not request system-level persistence. It does not attempt to modify other skills or global agent settings. Normal CLI operations may write tokens/config to standard Coze config locations (e.g., ~/.coze/config.json), which is expected behavior for an authenticated CLI.
Assessment
This skill is an instruction-only helper for the official Coze CLI and appears internally consistent. Before installing/using: verify you trust the `@coze/cli` npm package source; be aware that following the instructions will (a) ask you to run npm install -g which executes third-party code, (b) open an OAuth login in your browser and store tokens/config under ~/.coze or the configured COZE_CONFIG_FILE, and (c) allow command usage that can read and upload local files if you pass file paths or pipe content into `coze code message send`. Only provide project IDs, environment variables, or local files you intend to share. If you want stronger assurance, check the package repository and the referenced docs (docs.coze.cn / GitHub) before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk978wcb00emqxs7mzms3ypav7n84fzw1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments