ClawHub

Halo Cli Auth

v0.1.1

Use when working with Halo CLI login, bearer token or basic auth, profile setup, profile switching, current profile inspection, or fixing missing keyring cre...

0· 159·0 current·0 all-time
byRyan Wang@ruibaby
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual requirements and instructions. The only required binary is 'halo', which is exactly what's needed to run the described auth commands.
Instruction Scope
SKILL.md limits itself to running 'halo auth' and related profile commands (login, current, profile list/get/use/delete/doctor). It explicitly mentions that secrets live in the system keyring and profile metadata lives in config. It does not instruct reading unrelated files or sending data externally, but it does show examples that pass tokens/passwords on the command line—this can expose secrets via process listings or shell history.
Install Mechanism
No install spec; this is instruction-only so nothing is downloaded or written by the skill itself.
Credentials
The skill declares no environment or credential requirements (appropriate). However, examples encourage passing --token or --password on the CLI, which can leak secrets to process listings or shell history. The mention of the system keyring is reasonable for this purpose and does not imply additional hidden credential requests.
Persistence & Privilege
always:false and no config paths are requested, so the skill does not demand permanent presence. Autonomous invocation is allowed (platform default); because the skill includes destructive commands (profile delete), an agent invoked without careful prompts could perform destructive actions—this is operational risk but not a coherence problem with the skill itself.
Assessment
This skill is a straightforward helper for the 'halo auth' CLI. Before installing: 1) Ensure the 'halo' binary on your system is the legitimate official CLI. 2) Prefer interactive login or other secret-safe methods rather than passing --password or --token on the command line (CLI args can be visible to other users via process listings and are stored in shell history). 3) Be careful with destructive commands like 'profile delete'—confirm intent before running or allow the agent to prompt. 4) If you plan to let agents invoke skills autonomously, consider restricting autonomous actions or requiring confirmation for destructive steps.

Like a lobster shell, security has layers — review code before you run it.

Plugin bundle (nix)
Skill pack · CLI binary · Config
SKILL.mdCLIConfig
CLI help (from plugin)
halo auth --help
latestvk971he072w90g4z0pm5dqam37n83jw53

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binshalo

Comments