Directus.io Headless CMS
Use this skill for anything involving Directus — the open-source headless CMS and backend-as-a-service. Triggers include setting up Directus (Docker, Cloud,...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 13 · 0 current installs · 0 all-time installs
MIT-0
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is pure documentation for Directus (setup, SDK, Flows, extensions, Astro integration). It does not request unrelated binaries, credentials, or installs, and the examples and references align with a Directus helper's purpose.
Instruction Scope
SKILL.md and the reference files contain operational instructions (Docker compose, SDK snippets, Flow templates, custom endpoints, hooks). They do not instruct the agent to read arbitrary local files or system state, but they do show how Directus Flows can reference environment variables (e.g., {{ $env.OPENAI_API_KEY }}) and how Web Request operations can POST to external services — misconfiguration of those flows could leak secrets or send data off-site if a user follows the examples without applying least-privilege controls.
Install Mechanism
No install spec or code is provided — this is instruction-only. No downloads or archive extractions are requested, so there is no install-time execution risk coming from this skill bundle itself.
Credentials
The skill does not declare required environment variables or primary credentials (metadata shows none), but the documentation naturally references many Directus environment variables and example secrets (SECRET, DB_PASSWORD, S3 keys, OPENAI_API_KEY). Those examples are expected for Directus administration, but they are sensitive — users must supply those variables to run Directus or Flows. The skill itself does not demand them from the agent, but the docs demonstrate patterns that could expose secrets if misused.
Persistence & Privilege
The skill is not always-enabled and is user-invocable by default. It makes no persistent system changes (no install, no code). There is no evidence it modifies other skills or system-wide agent settings.
Assessment
This skill is a documentation/reference pack for Directus and is internally consistent with that purpose. It does not itself require credentials or install code, but it contains examples that use sensitive environment variables (DB credentials, SECRET, storage keys, OPENAI_API_KEY) and Flow templates that can include {{ $env.<NAME> }} and send web requests. Before following examples or deploying flows: - Never paste real production secrets into public code or commit .env files; keep secrets in a secure store. - Use least-privilege tokens (static tokens scoped to needed collections) and rotate them regularly. - When configuring Flows that make Web Requests, carefully review which template variables (especially {{ $env.* }} and payload fields) are sent to external endpoints to avoid accidental exfiltration. - Test Docker and extension examples in an isolated environment (not production) and ensure volumes/permissions are safe. - If you expect the agent to perform automated actions, review the specific commands or code snippets you intend the agent to run and confirm they won’t expose secrets or call external webhooks you don’t control.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Directus Skill
Directus is an open-source headless CMS and backend-as-a-service that wraps any SQL database with instant REST and GraphQL APIs, plus a no-code Data Studio for content management. It's built with Node.js and Vue.js, supports PostgreSQL, MySQL, SQLite, MariaDB, MS-SQL, OracleDB, and CockroachDB, and is fully extensible.
How to Use This Skill
This skill is organized into focused reference files. Read the relevant reference before answering:
| Topic | Reference File | When to Read |
|---|---|---|
| SDK & API Basics | references/sdk-and-api.md | Any question about the JS/TS SDK, REST API, GraphQL, authentication, CRUD operations, filtering, or real-time subscriptions |
| Astro Integration | references/astro-integration.md | Integrating Directus with Astro — fetching data, dynamic routes, SSG/SSR, live preview, authentication, visual editing |
| TypeScript Patterns | references/typescript-patterns.md | Schema typing, type generation, advanced generics, type-safe SDK usage |
| Flows & Automation | references/flows-and-automation.md | Directus Flows, triggers, operations, scheduled tasks, AI content generation, webhook integrations |
| Extensions | references/extensions.md | Custom endpoints, hooks, interfaces, layouts, displays, modules, operations, panels, themes |
| Data Modeling & Admin | references/data-modeling.md | Collections, fields, relations (M2O, O2M, M2M, M2A), singletons, permissions, roles, file management, environment config |
| Troubleshooting | references/troubleshooting.md | Common errors, debugging, CORS issues, Docker problems, migration headaches, performance tips |
Always read the relevant reference file before generating code or instructions. For complex questions spanning multiple topics, read multiple references.
Quick-Reference Essentials
These are the most common patterns you'll need. For anything beyond these basics, consult the reference files.
Install the SDK
npm install @directus/sdk
Create a Client (TypeScript)
import { createDirectus, rest, staticToken } from '@directus/sdk';
// Define your schema for type safety
interface MySchema {
posts: Post[];
categories: Category[];
global: GlobalSettings; // singleton (not an array)
}
interface Post {
id: number;
title: string;
content: string;
status: string;
category: number | Category;
}
interface Category {
id: number;
name: string;
}
interface GlobalSettings {
site_title: string;
description: string;
}
const client = createDirectus<MySchema>('https://your-directus-url.com')
.with(staticToken('your-token'))
.with(rest());
Read Items
import { readItems, readItem, readSingleton } from '@directus/sdk';
// Get all posts
const posts = await client.request(readItems('posts'));
// Get one post with relational data
const post = await client.request(readItem('posts', 1, {
fields: ['*', { category: ['name'] }],
}));
// Get singleton
const global = await client.request(readSingleton('global'));
Astro Quick Setup
// src/lib/directus.ts
import { createDirectus, rest } from '@directus/sdk';
const directus = createDirectus(import.meta.env.DIRECTUS_URL).with(rest());
export default directus;
Docker Quick Start
# docker-compose.yml
services:
directus:
image: directus/directus:latest
ports:
- 8055:8055
volumes:
- ./database:/directus/database
- ./uploads:/directus/uploads
- ./extensions:/directus/extensions
environment:
SECRET: 'your-random-secret'
ADMIN_EMAIL: 'admin@example.com'
ADMIN_PASSWORD: 'your-password'
DB_CLIENT: 'sqlite3'
DB_FILENAME: '/directus/database/data.db'
WEBSOCKETS_ENABLED: 'true'
Key Concepts to Remember
- Composable Client: The SDK client starts empty — you add features with
.with(rest()),.with(authentication()),.with(realtime()),.with(staticToken()). - Schema Typing: Always define a TypeScript schema interface for type-safe SDK usage. Regular collections are arrays, singletons are singular types.
- Access Policies: New collections are private by default. You must configure public read access or use authentication tokens.
- Directus Assets: Images/files are served at
{DIRECTUS_URL}/assets/{file-id}with optional transformation query params like?width=500&format=webp. - Flows vs Extensions: Flows are no-code automations configured in the Data Studio. Extensions are code-based additions (hooks, endpoints, etc.) that extend Directus itself.
- Environment Variables: Directus is heavily configured via env vars —
DB_CLIENT,SECRET,CORS_ENABLED,AUTH_PROVIDERS, etc.
Files
8 totalSelect a file
Select a file to preview.
Comments
Loading comments…