bool-cli

Warn

Audited by ClawScan on May 10, 2026.

Overview

This is mostly a straightforward Bool.com deployment CLI skill, but it tells agents to bypass deletion confirmation, so destructive actions need careful user review.

Install only if you are comfortable giving the agent access to the Bool CLI and Bool account credentials. Before any delete, public visibility change, or deploy, confirm the exact project slug, directory, and intended visibility; do not let the agent use the delete '-y' option unless you have explicitly approved that deletion.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could delete a Bool project more easily than intended if it selects the wrong slug or acts without a clear confirmation step.

Why it was flagged

This tells an agent to bypass an interactive confirmation for a destructive project deletion command, without pairing it with an explicit user-approval requirement.

Skill content

- **Delete**: Always pass `-y` / `--yes` to skip the confirmation prompt: `bool bools delete <slug> -y`

Recommendation

Require explicit user confirmation for the exact project slug before using delete with '-y', and prefer showing project info first so the user can verify the target.

What this means

Anyone or any agent process with access to the API key or config file may be able to manage Bool projects under that account.

Why it was flagged

The skill requires or uses Bool account credentials and stores them locally; this is expected for a deployment CLI but gives the agent account-level authority over Bool resources.

Skill content

Set `BOOL_API_KEY` env var, or run `bool auth login` interactively ... The API key is saved to `~/.config/bool-cli/config.json`.

Recommendation

Use the least-privileged Bool credential available, keep the config file private, and avoid exposing the API key in shared logs or prompts.

What this means

A mistaken deploy could upload unwanted project files to a live Bool site.

Why it was flagged

Recursive deployment is central to the skill, but a wrong directory or missing exclusions could publish more files than the user intended.

Skill content

`bool deploy` recursively reads the directory and uploads all text files

Recommendation

Deploy only from a reviewed project directory, use exclusions for files that should not be uploaded, and verify visibility settings before making a site public.

What this means

The installed npm package, not just this SKILL.md file, determines what commands actually do on the machine.

Why it was flagged

The skill depends on an external globally installed npm CLI package. That is normal for this purpose, but the package implementation is outside the provided instruction-only artifact.

Skill content

Install: `npm install -g bool-cli`

Recommendation

Install the CLI from the expected package/source, keep it updated, and review the package/source if using it in a sensitive environment.