{ "schemaVersion": "1.0", "item": { "slug": "redshift", "name": "Redshift", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/accolver/redshift", "canonicalUrl": "https://clawhub.ai/accolver/redshift", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/redshift", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=redshift", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:22:31.273Z", "expiresAt": "2026-05-14T17:22:31.273Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/redshift" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/redshift", "agentPageUrl": "https://openagent3.xyz/skills/redshift/agent", "manifestUrl": "https://openagent3.xyz/skills/redshift/agent.json", "briefUrl": "https://openagent3.xyz/skills/redshift/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Redshift", "body": "Decentralized secret management via the redshift CLI. Secrets are client-side encrypted (NIP-59 Gift Wrap) and stored on Nostr relays — no central server.\n\nProject homepage: https://redshiftapp.com" }, { "title": "Key concepts", "body": "Project (-p): a project slug (e.g. backend, myapp)\nConfig/Environment (-c): an environment slug (e.g. dev, staging, production)\nredshift.yaml: per-directory project config created by redshift setup\nWhen -p/-c are omitted, Redshift reads from redshift.yaml in the current directory" }, { "title": "Security considerations", "body": "Never pass secret values directly on the command line in shared/logged environments — prefer redshift secrets set interactively or pipe from stdin\nUse REDSHIFT_NSEC / REDSHIFT_BUNKER env vars for CI/CD rather than CLI flags\nAvoid redshift serve --host 0.0.0.0 unless you intend to expose the web UI to the network — default 127.0.0.1 is localhost-only\nAll encryption is client-side; secrets never leave the device unencrypted\nPrivate keys are stored in the system keychain, not in plaintext config files" }, { "title": "Authentication", "body": "redshift login # Interactive (recommended)\nredshift login --nsec nsec1... # Direct private key (use env var in CI instead)\nredshift login --bunker \"bunker://pubkey?relay=wss://relay.example&secret=xxx\" # NIP-46 (ALWAYS quote the URL)\nredshift login --connect # Generate NostrConnect URI for bunker app\nredshift me # Check current identity\nredshift logout # Clear credentials\n\nCI/CD: set REDSHIFT_NSEC or REDSHIFT_BUNKER env vars instead of redshift login. These should be stored in your CI platform's secret management (e.g. GitHub Actions secrets), never hardcoded." }, { "title": "Project setup", "body": "redshift setup # Interactive\nredshift setup -p myapp -c production # Non-interactive\nredshift setup --no-interactive -p app -c dev # Strict non-interactive\n\nCreates redshift.yaml with project, environment, and relay list." }, { "title": "Secrets", "body": "# List all\nredshift secrets # Redacted values\nredshift secrets --raw # Show plaintext values\nredshift secrets --json # JSON output\nredshift secrets --only-names # Names only\n\n# Get\nredshift secrets get API_KEY\nredshift secrets get API_KEY --plain # Raw value, no formatting\nredshift secrets get API_KEY --copy # Copy to clipboard\nredshift secrets get KEY1 KEY2 # Multiple keys\n\n# Set\nredshift secrets set API_KEY sk_live_xxx\nredshift secrets set API_KEY '123' DB_URL 'postgres://...' # Multiple at once\n\n# Delete\nredshift secrets delete OLD_KEY\nredshift secrets delete KEY1 KEY2 -y # Skip confirmation\n\n# Download\nredshift secrets download ./secrets.json # JSON (default)\nredshift secrets download --format=env --no-file # Print .env to stdout\nredshift secrets download --format=env ./secrets.env # Save as .env file\n# Formats: json, env, yaml, docker, env-no-quotes\n\n# Upload\nredshift secrets upload secrets.env\n\nOverride project/environment on any secrets command with -p / -c:\n\nredshift secrets -p backend -c production --raw\nredshift secrets set -p myapp -c staging FEATURE_FLAG true" }, { "title": "Run with secrets injected", "body": "Important: Only run commands the user has explicitly requested. Never construct arbitrary commands to pass to redshift run. Always confirm the command with the user before executing.\n\nredshift run -- npm start\nredshift run -- python app.py\nredshift run --command \"npm start && npm test\"\nredshift run -p myapp -c prod -- docker-compose up\n\n# Mount secrets to a file instead of env vars\nredshift run --mount secrets.json -- cat secrets.json\nredshift run --mount secrets.env --mount-format env -- cat secrets.env\n\n# Fallback for offline mode\nredshift run --fallback ./fallback.json -- npm start\nredshift run --fallback-only -- npm start # Read only from fallback\n\n# Preserve existing env values for specific keys\nredshift run --preserve-env PORT,HOST -- npm start" }, { "title": "Configuration", "body": "redshift configure # Show config\nredshift configure --all # Show all saved options\nredshift configure get project # Get specific option\nredshift configure set project=myapp # Set option\nredshift configure unset project # Remove option\nredshift configure reset --yes # Reset to initial state" }, { "title": "Web UI", "body": "redshift serve # http://127.0.0.1:3000 (localhost only)\nredshift serve --port 8080 --open # Custom port, auto-open browser\nredshift serve --host 0.0.0.0 # ⚠️ Exposes to network — use with caution" }, { "title": "Global flags", "body": "FlagShortDescription--help-hShow help--version-vShow version--jsonJSON output--silentSuppress info messages--debugVerbose debug output--config-dirOverride config dir (~/.redshift)" }, { "title": "Environment variables", "body": "VariableDescriptionREDSHIFT_NSECPrivate key for CI/CD (bypasses interactive login)REDSHIFT_BUNKERNIP-46 bunker URL for CI/CD (alternative to nsec)REDSHIFT_CONFIG_DIROverride config directory (default: ~/.redshift)" }, { "title": "Important notes", "body": "Always quote bunker URLs (--bunker \"bunker://...\") — shell interprets & otherwise\nSecret values with spaces or special chars should be quoted\nComplex values (objects/arrays) are auto-JSON-stringified when injected by redshift run" } ], "body": "Redshift\n\nDecentralized secret management via the redshift CLI. Secrets are client-side encrypted (NIP-59 Gift Wrap) and stored on Nostr relays — no central server.\n\nProject homepage: https://redshiftapp.com\n\nKey concepts\nProject (-p): a project slug (e.g. backend, myapp)\nConfig/Environment (-c): an environment slug (e.g. dev, staging, production)\nredshift.yaml: per-directory project config created by redshift setup\nWhen -p/-c are omitted, Redshift reads from redshift.yaml in the current directory\nSecurity considerations\nNever pass secret values directly on the command line in shared/logged environments — prefer redshift secrets set interactively or pipe from stdin\nUse REDSHIFT_NSEC / REDSHIFT_BUNKER env vars for CI/CD rather than CLI flags\nAvoid redshift serve --host 0.0.0.0 unless you intend to expose the web UI to the network — default 127.0.0.1 is localhost-only\nAll encryption is client-side; secrets never leave the device unencrypted\nPrivate keys are stored in the system keychain, not in plaintext config files\nAuthentication\nredshift login # Interactive (recommended)\nredshift login --nsec nsec1... # Direct private key (use env var in CI instead)\nredshift login --bunker \"bunker://pubkey?relay=wss://relay.example&secret=xxx\" # NIP-46 (ALWAYS quote the URL)\nredshift login --connect # Generate NostrConnect URI for bunker app\nredshift me # Check current identity\nredshift logout # Clear credentials\n\n\nCI/CD: set REDSHIFT_NSEC or REDSHIFT_BUNKER env vars instead of redshift login. These should be stored in your CI platform's secret management (e.g. GitHub Actions secrets), never hardcoded.\n\nProject setup\nredshift setup # Interactive\nredshift setup -p myapp -c production # Non-interactive\nredshift setup --no-interactive -p app -c dev # Strict non-interactive\n\n\nCreates redshift.yaml with project, environment, and relay list.\n\nSecrets\n# List all\nredshift secrets # Redacted values\nredshift secrets --raw # Show plaintext values\nredshift secrets --json # JSON output\nredshift secrets --only-names # Names only\n\n# Get\nredshift secrets get API_KEY\nredshift secrets get API_KEY --plain # Raw value, no formatting\nredshift secrets get API_KEY --copy # Copy to clipboard\nredshift secrets get KEY1 KEY2 # Multiple keys\n\n# Set\nredshift secrets set API_KEY sk_live_xxx\nredshift secrets set API_KEY '123' DB_URL 'postgres://...' # Multiple at once\n\n# Delete\nredshift secrets delete OLD_KEY\nredshift secrets delete KEY1 KEY2 -y # Skip confirmation\n\n# Download\nredshift secrets download ./secrets.json # JSON (default)\nredshift secrets download --format=env --no-file # Print .env to stdout\nredshift secrets download --format=env ./secrets.env # Save as .env file\n# Formats: json, env, yaml, docker, env-no-quotes\n\n# Upload\nredshift secrets upload secrets.env\n\n\nOverride project/environment on any secrets command with -p / -c:\n\nredshift secrets -p backend -c production --raw\nredshift secrets set -p myapp -c staging FEATURE_FLAG true\n\nRun with secrets injected\n\nImportant: Only run commands the user has explicitly requested. Never construct arbitrary commands to pass to redshift run. Always confirm the command with the user before executing.\n\nredshift run -- npm start\nredshift run -- python app.py\nredshift run --command \"npm start && npm test\"\nredshift run -p myapp -c prod -- docker-compose up\n\n# Mount secrets to a file instead of env vars\nredshift run --mount secrets.json -- cat secrets.json\nredshift run --mount secrets.env --mount-format env -- cat secrets.env\n\n# Fallback for offline mode\nredshift run --fallback ./fallback.json -- npm start\nredshift run --fallback-only -- npm start # Read only from fallback\n\n# Preserve existing env values for specific keys\nredshift run --preserve-env PORT,HOST -- npm start\n\nConfiguration\nredshift configure # Show config\nredshift configure --all # Show all saved options\nredshift configure get project # Get specific option\nredshift configure set project=myapp # Set option\nredshift configure unset project # Remove option\nredshift configure reset --yes # Reset to initial state\n\nWeb UI\nredshift serve # http://127.0.0.1:3000 (localhost only)\nredshift serve --port 8080 --open # Custom port, auto-open browser\nredshift serve --host 0.0.0.0 # ⚠️ Exposes to network — use with caution\n\nGlobal flags\nFlag\tShort\tDescription\n--help\t-h\tShow help\n--version\t-v\tShow version\n--json\t\tJSON output\n--silent\t\tSuppress info messages\n--debug\t\tVerbose debug output\n--config-dir\t\tOverride config dir (~/.redshift)\nEnvironment variables\nVariable\tDescription\nREDSHIFT_NSEC\tPrivate key for CI/CD (bypasses interactive login)\nREDSHIFT_BUNKER\tNIP-46 bunker URL for CI/CD (alternative to nsec)\nREDSHIFT_CONFIG_DIR\tOverride config directory (default: ~/.redshift)\nImportant notes\nAlways quote bunker URLs (--bunker \"bunker://...\") — shell interprets & otherwise\nSecret values with spaces or special chars should be quoted\nComplex values (objects/arrays) are auto-JSON-stringified when injected by redshift run" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/accolver/redshift", "publisherUrl": "https://clawhub.ai/accolver/redshift", "owner": "accolver", "version": "0.2.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/redshift", "downloadUrl": "https://openagent3.xyz/downloads/redshift", "agentUrl": "https://openagent3.xyz/skills/redshift/agent", "manifestUrl": "https://openagent3.xyz/skills/redshift/agent.json", "briefUrl": "https://openagent3.xyz/skills/redshift/agent.md" } }