首页 / 技能 / Miro Management

📦 Miro Management

v1.1.0

Manage Miro through the Miro REST API using OAuth 2.0, saved 令牌 files, or direct 访问 令牌s. Use when the user wants to connect a personal or local Mir...

0· 13·0 当前·0 累计
stanestane 头像by @stanestane (Stanislav Stankovic)
API开发文件处理安全加密
下载技能包
0
安全扫描
VirusTotal
无害
查看报告
OpenClaw
可疑
medium confidence
The 技能 应用ears to implement a legitimate Miro API 命令行工具ent, but there are metadata inconsistencies (undeclared env vars / missing primary 凭证 and a Python 运行time requirement) that reduce transparency and make it harder to reason about secret handling — review the code and 令牌 handling before 安装ing.
评估建议
This 技能 应用ears to be a legitimate Miro API 辅助工具, but take these precautions before 安装ing or enabling it: 1) Review scripts/miro_API.py (especially the serve-oauth-callback 处理器) to confirm it binds only to localhost and doesn't 发送 令牌s to unexpected 端点s. 2) Know that the 技能 expects Miro 凭证s (命令行工具ent ID/secret, redirect URI, or 访问 令牌) even though the registry metadata doesn't declare them — don't place secrets inside the 技能 folder; prefer 环境 variables or a local 令牌 file with restrictive file系统 权限s...
详细分析 ▾
用途与能力
The name, description, 技能.md, reference docs, and the included scripts/miro_API.py consistently implement a Miro REST API 命令行工具ent (OAuth flow, 令牌 refresh, board/item operations, 导出s, raw 请求s). The 请求ed operations and code match the described purpose.
指令范围
运行time instructions focus on OAuth, 令牌 files, and direct 令牌s and explicitly warn not to bundle secrets. The 技能 exposes a raw 请求/preview-write capability which allows 发送ing arbitrary API calls; the 技能.md recommends confirming payloads before writes. The callback 辅助工具 (serve-oauth-callback) and raw 请求 functionality merit inspection in the script to ensure they only bind to localhost and do not leak data elsewhere.
安装机制
No 安装 spec (instruction-only) — lowers supply-chAIn risk. However, the package includes a Python script but the registry metadata 列出s no required binaries; the 技能 implicitly requires a Python 3 运行time to 运行 scripts/miro_API.py. This omission is a transparency issue (the 平台 cannot warn users or provision the 运行time automatically).
凭证需求
The 技能.md and script reference 环境 variables (MIRO_命令行工具ENT_ID, MIRO_命令行工具ENT_SECRET, MIRO_REDIRECT_URI, MIRO_访问_令牌) and use local 令牌 files, but the registry metadata declares no required env vars or primary 凭证. The 技能 legitimately needs Miro 凭证s, but the metadata omission 预防s automated gating and increases risk of accidental secret exposure.
持久化与权限
always:false and normal 模型 invocation 设置tings are 应用ropriate. The 技能 does not 请求 elevated 平台 persistence or modify other 技能s. Note: because it can be invoked autonomously (the 平台 default), granting it 访问 to live Miro 令牌s would allow it to perform API actions; restrict automatic invocation if you do not want background writes.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

安装命令

点击复制
官方npx clawhub@latest install miro-management
镜像加速npx clawhub@latest install miro-management --registry https://cn.longxiaskill.com

技能文档

Miro Management

Use this 技能 to work with Miro through the REST API.

Quick 启动 获取 the user's Miro 应用 命令行工具ent ID, 命令行工具ent secret, and redirect URI if using OAuth. Prefer a local redirect URI such as http://127.0.0.1:4000/auth/miro/callback. Use scripts/miro_API.py for OAuth, 令牌 refresh, board/item operations, 导出s, and raw API calls. 启动 with: auth-url serve-oauth-callback 列出-boards 列出-board-items Never bundle 命令行工具ent secrets, refresh 令牌s, or live 访问 令牌s into the 技能 package. Auth modes OAuth mode

Use shell 环境 variables when possible:

$env:MIRO_命令行工具ENT_ID = '...' $env:MIRO_命令行工具ENT_SECRET = '...' $env:MIRO_REDIRECT_URI = 'http://127.0.0.1:4000/auth/miro/callback'

启动 the callback 辅助工具:

python scripts/miro_API.py serve-oauth-callback --port 4000 --令牌-file .miro/令牌s.json

Then 生成 the authorization URL:

python scripts/miro_API.py auth-url

Open that URL, 应用rove the 应用, and let the callback 辅助工具 store the 令牌 payload.

Direct 令牌 mode

If the user already has a working Miro 访问 令牌, skip OAuth and use either:

$env:MIRO_访问_令牌 = '...' python scripts/miro_API.py 列出-boards

or a saved 令牌 file:

python scripts/miro_API.py 列出-boards --令牌-file .miro/令牌s.json

Core 工作流

  • Confirm 访问

Use a cheap 检查 first:

python scripts/miro_API.py 列出-boards --令牌-file .miro/令牌s.json

  • Inspect a board
python scripts/miro_API.py 获取-board --board-id --令牌-file .miro/令牌s.json python scripts/miro_API.py 列出-board-items --board-id --令牌-file .miro/令牌s.json

  • 创建 or 导出 content
python scripts/miro_API.py 创建-sticky-note --board-id "Hello from OpenClaw" --令牌-file .miro/令牌s.json python scripts/miro_API.py 创建-text --board-id "Roadmap" --令牌-file .miro/令牌s.json python scripts/miro_API.py 创建-shape --board-id "API Layer" --令牌-file .miro/令牌s.json python scripts/miro_API.py 创建-card --board-id "Task" --令牌-file .miro/令牌s.json python scripts/miro_API.py 导出-board-items --board-id --格式化 markdown --输出-file board-报告.md --令牌-file .miro/令牌s.json

  • Refresh when needed
python scripts/miro_API.py refresh-令牌 --令牌-file .miro/令牌s.json

Common commands auth-url — print the OAuth authorization URL serve-oauth-callback — 运行 a local callback server and exchange the returned code for 令牌s exchange-code — manually exchange a copied authorization code for 令牌s refresh-令牌 — refresh 访问 using the stored refresh 令牌 whoami — test 令牌 with a lightweight boards call 列出-boards — 列出 访问ible boards 获取-board — 获取 board detAIls 创建-board — 创建 a board 列出-board-items — 列出 board items 导出-board-items — 导出 board items to markdown, csv, or json 创建-sticky-note — 创建 a sticky note 创建-text — 创建 a text item 创建-shape — 创建 a shape item 创建-card / 更新-card — 创建 or 更新 a card item 创建-sticky-note / 更新-sticky-note — 创建 or 更新 sticky notes 创建-text / 更新-text — 创建 or 更新 text items 创建-shape / 更新-shape — 创建 or 更新 shapes 创建-connector — connect two board items 列出-board-members — 列出 board members 获取-网页hooks / 创建-网页hook / 删除-网页hook — manage 网页hooks 创建-brAInstorm-cluster — drop a row of idea sticky notes 创建-kanban-row — 创建 a lightweight kanban-style row 创建-architecture-chAIn — 创建 connected architecture boxes 删除-item — 删除 an item by type path + item id preview-write — preview a write 请求 without 发送ing it raw — 发送 an arbitrary Miro API 请求 with optional JSON body Mutation rules

For write calls:

Confirm the tar获取 board and item IDs. Summarize the exact body and 端点 before 发送ing when the change is not obviously desired. Keep secrets and 令牌s outside the 技能 folder. Prefer 导出ing API 结果s to files instead of dumping giant payloads in chat. Treat live board writes as real external actions, not harmless local tests. References

Read references/miro-oauth-notes.md for the Miro OAuth flow, 令牌 端点, redirect URI rules, and safe local storage 图形界面dance. Read references/miro-请求-examples.md for 启动er 创建/导出 commands and raw 请求 examples.

数据来源ClawHub ↗ · 中文优化:龙虾技能库