Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw-Halo-CMS

v1.0.0

Blog post management skill. Use this skill when the user mentions keywords such as "publish an article", "write a blog post", "Halo", "make a post", "reply to a comment", or "blog management".

by Thomas_Oscar (@thomasoscar)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for thomasoscar/openclaw-halo-cms.

Install the skill "OpenClaw-Halo-CMS" (thomasoscar/openclaw-halo-cms) from ClawHub.
Skill page: https://clawhub.ai/thomasoscar/openclaw-halo-cms
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: HALO_PAT_TOKEN
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-halo-cms

ClawHub CLI


npx clawhub@latest install openclaw-halo-cms

Security Scan

VirusTotal: Benign

OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The skill's name/description (Halo blog management) matches the code's operations (listing, creating, publishing posts, replying to comments). However, the primary credential declared in SKILL.md/metadata (HALO_PAT_TOKEN, a Bearer JWT) is not used by the code; instead the script resolves HALO_USER/HALO_PASS (Basic auth) and reads .env.halo files. The stated purpose and requirements are therefore inconsistent with the actual credential usage.
Instruction Scope (flagged)
SKILL.md instructs the agent to run scripts/halo_api.py and specifies Bearer PAT usage and safety constraints, but the script: (1) does not use HALO_PAT_TOKEN, (2) searches for a .env.halo file in the workspace and parent dirs (reads files outside the skill bundle), and (3) relies on HALO_USER/HALO_PASS and HALO_URL. The script therefore accesses environment and filesystem state beyond the declared inputs — this is scope creep and a possible source of secret exposure.
Install Mechanism
No install spec is provided (instruction-only skill plus a Python script). Nothing is downloaded or executed at install time; risk from install mechanism is low. The runtime risk comes from the included script's behavior, not from an installer.
Credentials (flagged)
Metadata declares only HALO_PAT_TOKEN as required, but the script uses/reads HALO_USER, HALO_PASS, HALO_URL, and OPENCLAW_WORKSPACE, plus scanning .env.halo files for credentials. Required envs and file reads are not proportional to the declared HALO_PAT_TOKEN: either the metadata is wrong or the code is misaligned. The script may therefore access credentials the user did not expect to be used.
Persistence & Privilege
The manifest sets always to false, and it contains no automatic persistence and no modification of other skills. The skill does not request elevated persistence privileges in the registry metadata.
What to consider before installing
Do not install or run this skill until the author clarifies and/or fixes the credential handling. Specific things to verify or request from the author: (1) Why does SKILL.md declare HALO_PAT_TOKEN (Bearer) while the script uses HALO_USER/HALO_PASS (Basic)? The code should be updated to use the documented credential or the metadata updated to list the envs the script actually needs. (2) Remove or make optional the .env.halo workspace scan — reading parent directories can expose unrelated secrets; prefer explicit env vars only. (3) Document HALO_URL, HALO_USER, HALO_PASS, and OPENCLAW_WORKSPACE in the metadata if they are required. (4) Review the full script (the provided file was truncated) to ensure there are no hidden endpoints or data-exfiltration behaviors. If you must test it, run it in an isolated sandbox with minimal test credentials and set HALO_URL to a controlled test server. Avoid placing real credentials in workspace files until the mismatch is resolved.


Runtime requirements

Clawdis
Bins: python3
Env: HALO_PAT_TOKEN
Primary env: HALO_PAT_TOKEN
latest: vk979epe3rfnkq5dy76m0xpdev983fbjn
102 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

Halo Blog Management Skill

Manage blog posts, comments and more through the Halo REST API.

API Authentication

The PAT token is stored in the environment variable HALO_PAT_TOKEN. When using it, strip the pat_ prefix and use the JWT part directly.

Authentication scheme: Authorization: Bearer <JWT part>

API Endpoints

  • Halo service: http://localhost:8090
  • Post list (public): GET /apis/api.content.halo.run/v1alpha1/posts
  • User post management: GET /apis/uc.api.content.halo.run/v1alpha1/posts
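As an added example (not the skill's own scripts/halo_api.py), this is the credential handling exactly as the section above documents it: HALO_PAT_TOKEN is the only credential source, the pat_ prefix is stripped, and the bare JWT goes into a Bearer header for the two documented endpoints. The sample token is constructed and is not a real credential.

```python
import os
import re
import urllib.request

# Constructed JWT-shaped token for demonstration only; not a real credential.
SAMPLE_PAT = "pat_eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiJ9.c2lnbmF0dXJl"
# A JWT is three base64url segments separated by dots.
_JWT_SHAPE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")
# The two endpoints SKILL.md documents.
PUBLIC_POSTS = "/apis/api.content.halo.run/v1alpha1/posts"
USER_POSTS = "/apis/uc.api.content.halo.run/v1alpha1/posts"


def pat_to_jwt(pat: str) -> str:
    """Strip the documented 'pat_' prefix and return the bare JWT.
    Fails closed if the value is empty or not JWT-shaped, so a broken
    env var cannot silently fall back to some other credential source."""
    token = pat.strip()
    if token.startswith("pat_"):
        token = token[len("pat_"):]
    if not _JWT_SHAPE.match(token):
        raise ValueError("HALO_PAT_TOKEN is not a pat_-prefixed JWT")
    return token


def resolve_token(env=os.environ) -> str:
    """Read HALO_PAT_TOKEN and nothing else: no HALO_USER/HALO_PASS and
    no .env.halo scan of the workspace or its parent directories."""
    pat = env.get("HALO_PAT_TOKEN")
    if not pat:
        raise RuntimeError("HALO_PAT_TOKEN is required and was not set")
    return pat_to_jwt(pat)


def build_request(path: str, jwt: str,
                  base_url: str = "http://localhost:8090") -> urllib.request.Request:
    """GET request for a documented endpoint with the Bearer header attached."""
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    req.add_header("Authorization", f"Bearer {jwt}")
    req.add_header("Accept", "application/json")
    return req


if __name__ == "__main__":
    # list_posts against a local Halo instance, using only the env var.
    req = build_request(USER_POSTS, resolve_token())
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(resp.read().decode("utf-8"))
```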

Usage

Invoke scripts/halo_api.py with python3; the following commands are supported:

# Fetch the post list
python3 scripts/halo_api.py list_posts

# Fetch the category list
python3 scripts/halo_api.py list_categories

# Fetch the tag list
python3 scripts/halo_api.py list_tags

# Create a post (creates a draft; does not publish automatically)
python3 scripts/halo_api.py create_post --title "标题" --content "# 内容" --slug "url-slug"

# Create a post and publish it immediately
python3 scripts/halo_api.py create_post --title "标题" --content "# 内容" --slug "url-slug" --publish

# Create a post with categories and tags (use the displayName of the category/tag)
python3 scripts/halo_api.py create_post --title "标题" --content "# 内容" --slug "url-slug" --categories "默认分类" --tags "技术"

# Publish a draft
python3 scripts/halo_api.py publish_post --name "文章UUID"

# Reply to a comment
python3 scripts/halo_api.py reply_comment --comment "评论UUID" --content "回复内容"

Safety Constraints (must be followed strictly)

  1. Confirm before publishing: before publishing a post, tell the user the title and a summary of the content, and publish only after explicit confirmation
  2. Create drafts by default: when --publish is not given, the post is created only as a draft and is not published automatically
  3. Do not leak sensitive information: never publish posts containing any of the following:
    • API keys, passwords, tokens
    • Server IP addresses, ports, domain configuration
    • System configuration details, database connection strings
    • Users' personal private information
  4. Privacy redaction: if the post content involves other people, it must be redacted (remove real names, contact details, etc.)
  5. No unauthorised actions: do not delete posts or modify other people's comments unless the user explicitly asks
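An added pre-publish check (not part of the skill) that enforces constraint 3: it scans a Markdown body for the named categories of sensitive content so the agent can refuse create_post --publish when any are present. The pattern set and both sample posts are constructed for the demonstration.

```python
import re

# Patterns for the categories constraint 3 names; constructed for this
# example and meant to be tuned, not an exhaustive secret detector.
SENSITIVE_PATTERNS = {
    "halo_pat_token": re.compile(r"\bpat_[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9._-]{20,}"),
    "credential_assignment": re.compile(
        r"(?i)(password|passwd|pwd|api[_-]?key|secret|token)\s*[:=]\s*\S+"),
    "ipv4_address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b"),
    "db_connection_string": re.compile(
        r"\b(?:jdbc:|mysql://|postgres(?:ql)?://|mongodb://)\S+"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}


def find_sensitive(markdown: str) -> list:
    """Return (category, line_number) for every line matching a pattern."""
    hits = []
    for lineno, line in enumerate(markdown.splitlines(), start=1):
        for name, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(line):
                hits.append((name, lineno))
    return hits


def publishable(markdown: str) -> bool:
    """Gate to apply before create_post --publish: True only when clean."""
    return not find_sensitive(markdown)


# Constructed sample bodies; the token, host and address are not real.
SAMPLE_POST = """# Deploying Halo
Point the reverse proxy at 10.0.0.12:8090 and set
HALO_PAT_TOKEN=pat_eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiJ9.c2lnbmF0dXJl
Database: jdbc:mysql://db.internal:3306/halo
"""
CLEAN_POST = "# Writing tips\nKeep posts short and use headings.\n"

if __name__ == "__main__":
    for category, lineno in find_sensitive(SAMPLE_POST):
        print(f"line {lineno}: {category}")
    print("publishable:", publishable(SAMPLE_POST), publishable(CLEAN_POST))
```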

Notes

  • --slug is the post's URL path; it is generated automatically from the title (using pinyin/English), but specifying it manually is recommended
  • Categories and tags are given by displayName; the script looks up the corresponding UUID automatically
  • If a specified category/tag does not exist, the script reports an error and lists the available categories/tags

Open-source release of the skill package: in the spirit of open source, we have published the complete Halo CMS skill package on GitHub so that more people can use it and build on it.

Repository: ThomasOscar/openclaw-halo-skill
