扣子Coze CLI工具

v1.0.0

Interact with Coze CLI (@coze/cli) — create/deploy Coze projects, manage spaces and organizations, send messages to projects, generate images/audio/video, an...

⭐ 0· 126·0 current·0 all-time

by@chaoliuzhu

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chaoliuzhu/delonix-coze-cli.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "扣子Coze CLI工具" (chaoliuzhu/delonix-coze-cli) from ClawHub.
Skill page: https://clawhub.ai/chaoliuzhu/delonix-coze-cli
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install delonix-coze-cli

ClawHub CLI

Package manager switcher

npx clawhub@latest install delonix-coze-cli

Security Scan

Capability signals

Requires OAuth tokenRequires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description and the SKILL.md consistently describe a wrapper for the official Coze CLI (@coze/cli). The actions described (project CRUD, deploy, message, multimedia generation, file upload) align with that purpose. However, repository/registry metadata show small inconsistencies (different ownerId and slug in _meta.json vs registry metadata and 'Source: unknown' despite README linking to a GitHub repo), which reduces trust in provenance.

Instruction Scope

The runtime instructions instruct the agent to run CLI commands that may read local files and pipe their contents to the remote service (e.g., 'cat error.log | coze code message send' and 'coze file upload <path>'). Those are expected for this CLI but are explicit data exfiltration vectors — any sensitive local file piped/uploaded would be sent to the Coze backend. The instructions also tell the agent to open an OAuth browser flow and to set/consult configuration in ~/.coze/config.json and COZE_CONFIG_FILE. The SKILL.md references many env vars and config paths that are not declared in the skill metadata (see environment_proportionality).

ℹ

Install Mechanism

The skill is instruction-only (no install spec in the bundle). The Quick Start tells users to install via 'npm install -g @coze/cli' — a normal, expected mechanism. Because the skill itself does not include an automated install step, nothing is written by the skill package. Installing the CLI from npm is a separate, standard action; verify you trust the @coze/cli npm package before running it.

Credentials

The skill metadata declares no required environment variables, yet the instructions reference numerous COZE_* environment variables and config files (COZE_ORG_ID, COZE_SPACE_ID, COZE_PROJECT_ID, COZE_CONFIG_FILE, COZE_ENTERPRISE_ID, COZE_AUTO_CHECK_UPDATE, and ~/.coze/config.json). This is a mismatch: the instructions expect env/config values but the skill does not declare them. Some of these values may be harmless IDs, but config files and env vars can store tokens or point the CLI to alternate base_url values. The skill also documents 'coze config set base_url' which could redirect CLI traffic to a custom endpoint — useful for testing but a potential abuse vector if misconfigured.

✓

Persistence & Privilege

The skill is not marked 'always: true' and is user-invocable. It does not request to modify other skills or system-wide settings. No persistent installation behavior is present inside the skill bundle (instruction-only).

Scan Findings in Context

[no_code_files_to_scan] expected: The regex-based scanner had no code files to analyze; this bundle is instruction-only (SKILL.md + README + references). No engine-detected code findings exist, but the lack of code means the scanner provides little signal.

What to consider before installing

This skill appears to be a straightforward CLI helper for the official Coze CLI, but exercise caution before installing/using it: - Verify provenance: the bundle's metadata (ownerId/slug) and 'Source: unknown' conflict with README links; confirm you trust the publisher and the @coze/cli npm package on npmjs.org or the official Coze docs before running installs. - Be careful with local files and env vars: the skill explicitly shows commands that pipe or upload local files (cat file | coze ... and coze file upload). Do not pipe or upload secrets, keys, credentials, or arbitrary ~/ files unless you intend to send them to Coze servers. - Check config and base_url: the CLI reads ~/.coze/config.json and respects COZE_CONFIG_FILE; ensure these files do not contain secrets you don't want transmitted. Avoid switching base_url to unknown endpoints unless you trust them. - OAuth behavior: 'coze auth login --oauth' opens a browser; tokens from OAuth will be stored by the CLI. Review where the CLI stores tokens and limit their scope when possible. - If you need stronger assurance, ask the skill publisher for the canonical source (GitHub repo or npm package link) and verify checksums/version on the npm package before installing. Given the metadata inconsistencies and the undeclared but used env/config variables and explicit file upload/piping instructions (data exfiltration vectors), treat this skill as suspicious until provenance and intended env usage are confirmed.

Like a lobster shell, security has layers — review code before you run it.

latestvk9747dpheq0b6vfj7wb74dkz1s8569gn

126downloads

0stars

1versions

Updated 1w ago

v1.0.0

MIT-0

Coze CLI Skill

Overview

This skill enables AI agents to interact with Coze CLI (@coze/cli) — the official command-line tool for Coze/Cozeflow development. It supports project creation, deployment, messaging, multimedia generation, and space management via terminal commands.

Use this skill when: The user wants to create/deploy Coze projects, manage spaces/orgs, generate images/audio/video, send messages to Coze projects, or automate Coze workflows via CLI.

Quick Start

Installation

npm install -g @coze/cli
coze --version   # verify

Authentication

coze auth login --oauth   # opens browser for OAuth flow
coze auth status          # verify login

Initial Setup

# Select organization
coze org list
coze org use <organization_id>

# Select workspace
coze space list
coze space use <space_id>

Core Workflows

Create a Project

# Natural language project creation
coze code project create --message "创建一个数据分析 Web 应用" --type web

# With wait (blocking until done)
coze code project create --message "创建一个客服机器人" --type agent --wait

Supported types: agent, workflow, app, skill, web, miniprogram, assistant

List / Get Projects

coze code project list                          # all projects
coze code project list --type agent --type web  # filter by type
coze code project list --name "客服"            # search by name
coze code project get <project_id>              # detail

Send Message to Project

coze code message send "修复登录页面的样式问题" -p <project_id>

# With local file context
coze code message send "重构 @src/utils.ts 中的代码" -p <project_id>

# Via pipe
cat error.log | coze code message send "分析这个错误日志" -p <project_id>

# Check status / cancel
coze code message status -p <project_id>
coze code message cancel -p <project_id>

Deploy Project

coze code deploy <project_id>           # deploy
coze code deploy <project_id> --wait    # wait for completion
coze code deploy status <project_id>    # check status

Preview Project

coze code preview <project_id>

Manage Environment Variables

coze code env list -p <project_id>                   # dev env
coze code env list -p <project_id> --env prod        # prod env
coze code env set API_KEY xxx -p <project_id>         # set
coze code env delete API_KEY -p <project_id>          # delete

Generate Multimedia

# Image
coze generate image "一只在太空漫步的猫"
coze generate image "未来城市" --output-path ./city.png --size 4K --no-watermark

# Audio
coze generate audio "你好，欢迎使用 Coze CLI"
coze generate audio "你好世界" --output-path ./hello.mp3 --audio-format ogg_opus

# Video
coze generate video create "一只跳舞的小猫"
coze generate video create "日落延时" --wait --output-path ./sunset.mp4 --resolution 1080p --duration 8
coze generate video status <task_id>

Upload File

coze file upload ./document.pdf

Output Format

# Text (default)
coze space list

# JSON (for scripting)
coze space list --format json
coze code project list --format json | jq '.[].name'

CI/CD / Non-Interactive Use

export COZE_ORG_ID=<YOUR_ORG_ID>
export COZE_SPACE_ID=<YOUR_SPACE_ID>
export COZE_PROJECT_ID=<PROJECT_ID>

coze code deploy <project_id> --wait --format json

Global Options

Option	Description
`--format json\|text`	Output format (default: text)
`--no-color`	Disable ANSI colors
`--config <path>`	Custom config file
`--org-id <id>`	Override organization ID
`--space-id <id>`	Override space ID
`-p <project_id>`	Target project ID
`--verbose`	Verbose logging
`--debug`	Full diagnostic logs

Configuration

Config priority (high→low):

Environment variables (COZE_ORG_ID, COZE_SPACE_ID, etc.)
--config CLI flag
COZE_CONFIG_FILE env var
.cozerc.json in project dir
~/.coze/config.json global

coze config list
coze config get base_url
coze config set base_url https://api.coze.cn

Detailed Command Reference

For the full command reference table, see:

→ references/commands.md

Contains: auth, org/space, project CRUD, message, deploy, env, domain, skill, multimedia generation, file upload, config, completion, upgrade, CI/CD env vars, and quick command templates.

Comments

Loading comments...