Install
openclaw skills install halo-blog-managerHalo Blog Manager
v1.0.0Manage Halo blogs via API - create/edit/delete posts, manage categories/tags, handle comments, upload media. Use when user asks to manage their Halo blog, po...
0· 113· 1 versions· 0 current· 0 all-time· Updated 13h ago· MIT-0
bysirius@siyrs
Security Scans
Halo Manager
Manage Halo blogs through the official API.
First-Time Setup
When this skill is first used, ask the user for:
- Blog URL (e.g.,
https://blog.example.com) - Username
- Password
Then save credentials to ~/halo-manager/config.json:
{
"blog_url": "https://blog.example.com",
"username": "your-username",
"password": "your-password"
}
Security Note: Never expose credentials in logs, responses, or shared channels.
Authentication
Halo uses RSA-encrypted password + CSRF token + Session cookie.
Login Flow
- GET
/login- Extract CSRF token and RSA public key - Encrypt password with RSA public key (JSEncrypt)
- POST
/loginwith form data (username, encrypted password, CSRF token) - Receive SESSION cookie for subsequent requests
Session Management
- Use SESSION cookie for all authenticated requests
- If session expires, re-login automatically
- Store session state in
~/halo-manager/session.json
API Endpoints
Console API Base
{blog_url}/apis/api.console.halo.run/v1alpha1/
Posts
| Operation | Method | Endpoint |
|---|---|---|
| List posts | GET | /posts |
| Get post | GET | /posts/{name} |
| Create post | POST | /posts |
| Update post | PUT | /posts/{name} |
| Delete post | DELETE | /posts/{name} |
Categories
| Operation | Method | Endpoint |
|---|---|---|
| List categories | GET | /categories |
| Create category | POST | /categories |
| Update category | PUT | /categories/{name} |
| Delete category | DELETE | /categories/{name} |
Tags
| Operation | Method | Endpoint |
|---|---|---|
| List tags | GET | /tags |
| Create tag | POST | /tags |
| Update tag | PUT | /tags/{name} |
| Delete tag | DELETE | /tags/{name} |
Users
| Operation | Method | Endpoint |
|---|---|---|
| List users | GET | /users |
| Get current user | GET | /users/- |
Comments
| Operation | Method | Endpoint |
|---|---|---|
| List comments | GET | /comments |
| Approve comment | PUT | /comments/{name}/approval |
| Delete comment | DELETE | /comments/{name} |
Media
| Operation | Method | Endpoint |
|---|---|---|
| List attachments | GET | /attachments |
| Upload attachment | POST | /attachments |
| Delete attachment | DELETE | /attachments/{name} |
Common Workflows
Create a Post
- Login to get session
- Prepare post data:
{
"post": {
"spec": {
"title": "Post Title",
"slug": "post-slug",
"content": "Post content in Markdown",
"rawType": "markdown",
"categories": ["category-name"],
"tags": ["tag1", "tag2"],
"publish": true
}
}
}
- POST to
/posts - Verify creation
Upload Media
- Login to get session
- Prepare multipart form data
- POST to
/attachments - Get attachment URL from response
Error Handling
| Status | Meaning | Action |
|---|---|---|
| 401 | Unauthorized | Re-login |
| 403 | Forbidden | Check permissions |
| 404 | Not found | Verify resource exists |
| 500 | Server error | Retry or report |
Output Format
【操作名称】
请求:{method} {endpoint}
状态:{status_code}
结果:成功/失败
详情:...
Security Best Practices
- Never log credentials - Mask passwords in all outputs
- Use HTTPS - Always prefer secure connections
- Session timeout - Re-authenticate when session expires
- Local storage only - Credentials stay on user's machine
References
- API Reference - Complete API documentation
- Examples - Common usage examples
Version tags
latest