maxfritzhand-bolta-skills-index
安装 / 下载方式
TotalClaw CLI推荐
totalclaw install clawskills:clawskills~maxfritzhand-bolta-skills-indexcURL直接下载,无需登录
curl -fsSL https://skills.taituai.com/api/skills/clawskills%3Aclawskills~maxfritzhand-bolta-skills-index/file -o maxfritzhand-bolta-skills-index.md# SKILL: bolta.skills.index
Display name: Bolta Skills Registry
Slug: bolta-skills-registry
Version: 0.5.4
Tags: registry,catalog,bootstrap,workspace,index,discovery
Organization: bolta.ai
Author: Max Fritzhand
Type: registry
Executes: false
## Metadata
```json
{
"name": "bolta.skills.index",
"version": "0.5.4",
"publisher": "bolta.ai",
"verified": true,
"sourceRepository": "https://github.com/boltaai/bolta-skills",
"requiredEnvironmentVariables": [
{
"name": "BOLTA_API_KEY",
"required": true,
"sensitive": true,
"description": "Bolta API key (obtain at bolta.ai/register)",
"format": "sk_live_[64 characters]",
"scope": "workspace"
},
{
"name": "BOLTA_WORKSPACE_ID",
"required": true,
"sensitive": false,
"description": "Workspace UUID for API operations",
"format": "UUID"
},
{
"name": "BOLTA_AGENT_ID",
"required": false,
"sensitive": false,
"description": "Agent principal UUID (for audit logging)",
"format": "UUID"
}
],
"trustedDomains": [
"platty.boltathread.com",
"bolta.ai"
],
"permissions": [
"network:https:platty.boltathread.com",
"network:https:bolta.ai"
],
"thirdPartyPackages": [
{
"name": "@boltaai/mcp-server",
"registry": "npm",
"verified": true,
"sourceRepository": "https://github.com/boltaai/bolta-mcp-server"
}
]
}
```
## ⚠️ Security Notice
**This skill requires sensitive API credentials. Read this section carefully before installing.**
### Required Credentials
**BOLTA_API_KEY** (REQUIRED, SENSITIVE)
- **Format:** `sk_live_` followed by 64 alphanumeric characters
- **Obtain at:** https://bolta.ai/register
- **Scoping:** Each key is scoped to a SINGLE workspace only
- **Permissions:** Grant LEAST-PRIVILEGE access (e.g., only `posts:write` if creating content)
- **Rotation:** Rotate every 90 days using `bolta.team.rotate_key` skill
- **Storage:** NEVER commit to git - use environment variables or secret managers only
**BOLTA_WORKSPACE_ID** (REQUIRED)
- **Format:** UUID (e.g., `550e8400-e29b-41d4-a716-446655440000`)
- **Source:** Provided during agent registration at bolta.ai/register
- **Purpose:** Identifies which workspace the API key is authorized for
**BOLTA_AGENT_ID** (OPTIONAL, RECOMMENDED)
- **Format:** UUID
- **Purpose:** Links API activity to specific agent principal for audit logs
- **Benefit:** Enables traceability and compliance reporting
### Trusted Network Endpoints
This skill makes HTTPS requests to:
- ✅ `https://platty.boltathread.com` - Bolta API server
- ✅ `https://bolta.ai` - Main application and agent registration portal
**No other domains are contacted.** All requests are authenticated with your API key.
### Third-Party Dependencies
This skill references:
- `@boltaai/mcp-server` (npm package for Claude Desktop integration)
- **Source:** https://github.com/boltaai/bolta-mcp-server
- **Verified:** Yes (official Bolta package)
- **Purpose:** Connects Claude Desktop to Bolta API via MCP protocol
### Pre-Installation Checklist
**Before installing this skill, you MUST:**
- [ ] Verify the source repository: https://github.com/boltaai/bolta-skills
- [ ] Review the SKILL.md and confirm version matches metadata (currently 0.5.4)
- [ ] Obtain a LEAST-PRIVILEGE API key from https://bolta.ai/register
- [ ] Store API key in environment variables (NEVER hardcode or commit)
- [ ] Verify you trust the domains: `platty.boltathread.com` and `bolta.ai`
- [ ] Test in a disposable/test workspace first (recommended)
- [ ] Confirm your API key is scoped ONLY to the intended workspace
**If you cannot verify the above, DO NOT install this skill.**
### Security Best Practices
1. **Credential Management**
- Use environment variables: `export BOLTA_API_KEY="sk_live_..."`
- Or use secret managers: AWS Secrets Manager, 1Password, etc.
- NEVER paste API keys in chat, logs, or public places
2. **Key Rotation**
- Rotate keys every 90 days minimum
- Use `bolta.team.rotate_key` skill for zero-downtime rotation
- Revoke compromised keys immediately at bolta.ai/settings
3. **Permission Scoping**
- Grant ONLY required permissions (e.g., `posts:write`, `voice:read`)
- Avoid `workspace:admin` unless absolutely necessary
- Review permissions quarterly
4. **Monitoring**
- Review audit logs weekly via `bolta.audit.export_activity`
- Monitor quota usage via `bolta.quota.status`
- Set up alerts for unusual API activity
5. **Workspace Isolation**
- One API key per workspace (NEVER share keys across workspaces)
- Use separate keys for dev/staging/production environments
- Revoke keys when decommissioning workspaces
## Purpose
**The canonical registry and orchestration layer for all Bolta skills.**
This skill serves as the single source of truth for skill discovery, installation recommendations, and workspace-aware capability bootstrapping. It does not execute content operations directly — instead, it provides intelligent routing to the appropriate skills based on:
- **Workspace policy** (Safe Mode, autonomy mode, quotas)
- **Principal identity** (user role, agent permissions)
- **Operational context** (what you're trying to accomplish)
**Key Responsibilities:**
1. **Discovery** - Index all available skills with metadata
2. **Recommendation** - Suggest install sets based on workspace policy and role
3. **Orchestration** - Guide multi-skill workflows
4. **Compatibility** - Enforce skill compatibility with workspace settings
5. **Bootstrapping** - Help new workspaces get started quickly
**When to Use:**
- Setting up a new workspace ("What skills should I install?")
- Discovering available capabilities ("What can Bolta do?")
- Troubleshooting skill compatibility ("Why can't I use this skill?")
- Planning multi-step workflows ("Which skills do I need?")
**Data Access:**
This skill accesses:
- ✅ Workspace configuration (policy, quotas, autonomy mode)
- ✅ Voice profile metadata (names, IDs, not full content)
- ✅ Post counts and quota usage
- ✅ Agent principal permissions
This skill does NOT access:
- ❌ Post content or scheduled posts
- ❌ Social media credentials
- ❌ User passwords or authentication tokens
- ❌ Files or media uploads
## Source & Verification
https://github.com/boltaai/bolta-skills
---
## Getting Started: Agent API Setup
Before using Bolta skills, you need to set up agent API access to authenticate your requests.
### Step 1: Register Your Agent
Visit **[bolta.ai/register](https://bolta.ai/register)** to create your agent principal and obtain an API key.
**What you'll need:**
- Bolta workspace (create one at bolta.ai if you don't have one)
- Admin or Owner role in your workspace
### Step 2: Create Agent Principal
During registration, you'll configure:
**Agent Name**
```
Example: "Claude Content Agent"
Description: Human-readable name for audit logs
```
**Agent Role**
```
Options:
- creator - Can create drafts (recommended for testing)
- editor - Can create + schedule posts
- reviewer - Can approve/reject posts (review-only access)
Recommended: Start with "creator" role for safety
```
**Permissions**
```
Minimum for content skills:
✓ posts:write - Create posts
✓ voice:read - Read voice profiles
Optional (based on use case):
□ posts:schedule - Schedule posts (requires editor+ role)
□ posts:approve - Approve posts for publishing
□ templates:read - Use content templates
□ cron:execute - Run automated jobs
```
### Step 3: Copy Your API Key
After registration, you'll receive:
```
API Key: sk_live_00000000000000000000000000000000
Workspace ID: 550e8400-e29b-41d4-a716-446655440000
Agent ID: 660e8400-e29b-41d4-a716-446655440001
```
**IMPORTANT:**
- ⚠️ Store API key securely (never commit to git)
- ⚠️ Keys cannot be recovered (only regenerated via `bolta.team.rotate_key`)
- ⚠️ Each key is scoped to ONE workspace
### Step 4: Configure Your Environment
**Set Required Envi