ClawHub

Ghost CMS

v1.0.0

Support for Ghost CMS installation, theme development with Handlebars, CLI commands, API integration, theme validation, dynamic routing, deployment, and trou...

0· 33·0 current·0 all-time
byThemeix LLC@themeix
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the SKILL.md content: it covers Ghost CLI, theme development, Content/Admin API usage, and GScan validation. One minor inconsistency: registry metadata lists no homepage/source while package.json and README include repository/homepage URLs (clawhub/github). This is a provenance note but does not contradict the stated purpose.
Instruction Scope
SKILL.md contains concrete commands and examples (npm install -g ghost-cli, ghost install/local, API usage examples) that stay within Ghost CMS setup, theming, and API operations. It does not instruct the agent to read unrelated system files or exfiltrate data. Examples do show where API keys are used (content/admin keys) but these are normal for the documented operations.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute. The only install-like actions are user-run commands (npm install -g ghost-cli) described in SKILL.md, which are expected for Ghost setup.
Credentials
The skill does not declare required environment variables, but documentation/examples reference Content API keys and Admin API tokens (JWTs). That is appropriate for a Ghost integration, but users must supply credentials themselves; the skill does not request any secrets from the environment via metadata. Recommend keeping keys server-side and not pasting admin keys into interactive chat.
Persistence & Privilege
Skill is not always-enabled and uses the platform defaults for invocation. It does not request persistent system-wide privileges or claim to modify other skills or system configs.
Assessment
This skill appears coherent for Ghost CMS work, but take these precautions before installing/using it: - Verify provenance: the registry entry lists no source while package.json points to external repo/homepage; prefer installing from the official GitHub or Ghost docs if unsure. - Review any shell commands before running (ghost install may change system services, require sudo, configure nginx/mysql, etc.). - Do not paste Admin API keys or production secrets into chat prompts. Generate and store API keys on your server and use server-side JWT generation for Admin API calls. - When installing ghost-cli, use official npm package and consider pinning versions; run in a sandbox or development VM if testing. - Run GScan and theme validation locally rather than sending theme/package contents to unknown endpoints. If you need help with secrets or production deployment, follow Ghost's official docs or trusted guides.

Like a lobster shell, security has layers — review code before you run it.

latestvk970jcdfd5jgakqyww45ht1ck9844xxd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments