ClawHub

bool-cli

v1.0.1

Deploy sites to Bool.com via the bool CLI. Use when creating, deploying, updating, or managing Bool projects.

2· 288·0 current·0 all-time
byJeremy Keeshin@jkeesh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested binary (bool) and the documented env var (BOOL_API_KEY). One minor metadata inconsistency: the registry summary shows "Required env vars: [object Object]" while SKILL.md clearly documents a single optional BOOL_API_KEY—this looks like a serialization/display bug rather than a capability mismatch.
Instruction Scope
SKILL.md instructions are narrowly scoped to installing/using the bool CLI, authenticating, reading/writing the CLI's config (~/.config/bool-cli/config.json) and a per-project .bool/config, and uploading project files for deployment. These actions are expected for a deploy tool, but note that deploy reads local project files and will upload them to Bool.com — ensure no sensitive files are included in the directory being deployed.
Install Mechanism
The skill is instruction-only (no install spec in the registry), but SKILL.md recommends installing the CLI via a global npm package (npm install -g bool-cli). Installing an npm package globally is a common approach but carries the usual supply-chain considerations—verify the package source (official repo) and prefer installing from trusted package feeds or using a pinned version.
Credentials
The only credential referenced is an optional BOOL_API_KEY (or interactive login). That matches the use case. The skill also reads/writes two config paths it documents; that is proportional. Confirm the API key has minimal required permissions and that other unrelated credentials are not requested.
Persistence & Privilege
The skill is not always-on and is user-invocable; it does not request system-wide persistent privileges. It does store CLI config and per-project .bool/config (normal for a CLI).
Assessment
This skill is coherent with its purpose, but take these precautions before installing/using it: 1) Verify the npm package (bool-cli) source and version on the official repo (https://github.com/codehs/bool-cli) to avoid supply-chain tampering. 2) Only provide an API key (BOOL_API_KEY) with the minimal permissions needed and avoid storing high-privilege keys in shared environments. 3) Ensure .bool/ is added to .gitignore and do not deploy directories that contain secrets or private keys (the CLI uploads local files). 4) The registry metadata appears to have a minor rendering issue ("[object Object]")—confirm the declared required env vars in the registry or README if that matters for automation. 5) If you allow an agent to run this skill autonomously, prefer using BOOL_API_KEY (non-interactive) rather than interactive login so credentials are explicit and auditable.

Like a lobster shell, security has layers — review code before you run it.

boolvk97fba4vbdg4xbzrf0y3b4br3n822m0tbool-clivk97fba4vbdg4xbzrf0y3b4br3n822m0tlatestvk97e4b4syfyt6yh1gpk8xv1gkd8237h9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis
Binsbool
Env[object Object]

Comments