{ "schemaVersion": "1.0", "item": { "slug": "shortcut-skill", "name": "Shortcut Epic and Story skill", "source": "tencent", "type": "skill", "category": "开发巄具", "sourceUrl": "https://clawhub.ai/incognos/shortcut-skill", "canonicalUrl": "https://clawhub.ai/incognos/shortcut-skill", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/shortcut-skill", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=shortcut-skill", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "references/create-stories.md", "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:22:31.273Z", "expiresAt": "2026-05-14T17:22:31.273Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/shortcut-skill" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/shortcut-skill", "agentPageUrl": "https://openagent3.xyz/skills/shortcut-skill/agent", "manifestUrl": "https://openagent3.xyz/skills/shortcut-skill/agent.json", "briefUrl": "https://openagent3.xyz/skills/shortcut-skill/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Shortcut.com Skill šŸŽÆ", "body": "Read and write Shortcut.com stories, epics, and workflows via the REST API v3." }, { "title": "Auth Setup", "body": "Token is stored at ~/.openclaw/secrets/shortcut (mode 600, readable only by your user).\n\nSHORTCUT_API_TOKEN=$(cat ~/.openclaw/secrets/shortcut 2>/dev/null)\nBASE=\"https://api.app.shortcut.com/api/v3\"\n\nIf empty, ask the user for their API token, then save it:\n\nmkdir -p ~/.openclaw/secrets\necho -n \"\" > ~/.openclaw/secrets/shortcut && chmod 600 ~/.openclaw/secrets/shortcut\n\nGenerate a token at app.shortcut.com ā†’ Settings ā†’ API Tokens. Shortcut tokens have full member-level access ā€” no scope restriction is available. Rotate or delete the token at any time from the same settings page.\n\nIf you prefer not to persist the token on disk, skip saving and export it for the session only:\nexport SHORTCUT_API_TOKEN=\"\"" }, { "title": "āš ļø JSON Construction Rule", "body": "Always use jq -n --arg / --argjson to build request bodies. Never interpolate user-supplied values directly into shell strings ā€” this prevents shell injection from values containing quotes, backticks, or $().\n\n# āœ… Safe ā€” jq handles all escaping\nDATA=$(jq -n --arg name \"$TITLE\" --arg desc \"$DESCRIPTION\" \\\n '{name: $name, description: $desc}')\ncurl -s -X POST -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n -H \"Content-Type: application/json\" -d \"$DATA\" \"$BASE/stories\"\n\n# āŒ Unsafe ā€” never do this\ncurl ... -d \"{\\\"name\\\": \\\"$TITLE\\\"}\"" }, { "title": "Get a Story", "body": "curl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \"$BASE/stories/\" | \\\n jq '{id, name, story_type, description, workflow_state_id, estimate, epic_id, labels: [.labels[].name]}'\n\nStrip the sc- prefix from IDs (use the number only)." }, { "title": "Search Stories", "body": "curl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n \"$BASE/search/stories?$(jq -rn --arg q \"$QUERY\" 'query=\\($q|@uri)&page_size=10')\" | \\\n jq '.data[] | {id, name, story_type, estimate}'" }, { "title": "List My Stories", "body": "ME=$(curl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \"$BASE/member\" | jq -r '.id')\ncurl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n \"$BASE/search/stories?owner_id=${ME}&page_size=25\" | \\\n jq '.data[] | {id, name, story_type, workflow_state_id}'" }, { "title": "List Workflows & States", "body": "curl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \"$BASE/workflows\" | \\\n jq '.[] | {workflow: .name, states: [.states[] | {id, name, type}]}'" }, { "title": "List Epics", "body": "curl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \"$BASE/epics\" | \\\n jq '.[] | {id, name, state, total_stories: .stats.num_stories_total}'" }, { "title": "Get Epic Stories", "body": "curl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \"$BASE/epics//stories\" | \\\n jq '.[] | {id, name, story_type, workflow_state_id, estimate}'" }, { "title": "List Teams (Groups)", "body": "curl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \"$BASE/groups\" | \\\n jq '[.[] | {id, name, mention_name}]'" }, { "title": "Writing", "body": "All write operations build JSON with jq -n --arg to safely handle user-supplied strings." }, { "title": "Create Story", "body": "DATA=$(jq -n \\\n --arg name \"$STORY_TITLE\" \\\n --arg description \"$STORY_DESCRIPTION\" \\\n --arg story_type \"$STORY_TYPE\" \\\n --argjson estimate \"$ESTIMATE\" \\\n --argjson workflow_state_id \"$STATE_ID\" \\\n --arg group_id \"$GROUP_ID\" \\\n --argjson epic_id \"$EPIC_ID\" \\\n '{name: $name, description: $description, story_type: $story_type,\n estimate: $estimate, workflow_state_id: $workflow_state_id,\n group_id: $group_id, epic_id: $epic_id}')\n\ncurl -s -X POST \\\n -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$DATA\" \"$BASE/stories\" | jq '{id, name, app_url}'\n\nStory types: feature, bug, chore\n\nTo add labels, extend the jq expression:\n\nDATA=$(jq -n --arg name \"$TITLE\" --arg label \"mobile\" \\\n '{name: $name, labels: [{name: $label}]}')" }, { "title": "Create Epic", "body": "DATA=$(jq -n \\\n --arg name \"$EPIC_TITLE\" \\\n --arg description \"$EPIC_DESCRIPTION\" \\\n --arg group_id \"$GROUP_ID\" \\\n '{name: $name, description: $description, group_id: $group_id}')\n\ncurl -s -X POST \\\n -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$DATA\" \"$BASE/epics\" | jq '{id, name, app_url}'" }, { "title": "Update Story (state, estimate, title, etc.)", "body": "DATA=$(jq -n --argjson state \"$NEW_STATE_ID\" '{workflow_state_id: $state}')\n\ncurl -s -X PUT \\\n -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$DATA\" \"$BASE/stories/$STORY_ID\" | jq '{id, name, workflow_state_id}'" }, { "title": "Add Comment", "body": "DATA=$(jq -n --arg text \"$COMMENT_TEXT\" '{text: $text}')\n\ncurl -s -X POST \\\n -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$DATA\" \"$BASE/stories/$STORY_ID/comments\" | jq '{id, text}'" }, { "title": "Wire Story Dependencies (blocker links)", "body": "DATA=$(jq -n \\\n --argjson object_id \"$BLOCKED_ID\" \\\n --argjson subject_id \"$BLOCKER_ID\" \\\n '{object_id: $object_id, subject_id: $subject_id, verb: \"blocks\"}')\n\ncurl -s -X POST \\\n -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$DATA\" \"$BASE/story-links\" | jq '{id, verb}'" }, { "title": "Workflow State Reference", "body": "Common default state IDs (verify with the workflows endpoint for your workspace):\n\nStateTypical IDBacklog500000008Ready for Development500000007In Development500000006Ready for Review500000010Completed500000011\n\nAlways confirm state IDs by calling /workflows ā€” they vary per account." }, { "title": "Bulk Story Creation", "body": "For creating full epics with multiple dependent stories, see references/create-stories.md." }, { "title": "Display Format", "body": "Stories:\n\nšŸŽÆ sc-1234 ā€” User Authentication Flow [feature, 5pts]\n Status: In Development | Epic: Auth & Onboarding\n Labels: backend, mobile\n\n > Users should be able to log in with email/password...\n\nBacklog list (table format):\n\n| ID | Story | Type | Pts | State |\n|---------|--------------------------|---------|-----|---------|\n| sc-1234 | User Auth Flow | feature | 5 | In Dev |\n| sc-1235 | Fix password reset email | bug | 2 | Backlog |" }, { "title": "Tips", "body": "Always check for API token before making requests\nStrip sc- prefix from story IDs for API calls\nLabels are auto-created by Shortcut if they don't exist ā€” safe to pass new label names\nRate limit: 200 req/min ā€” not a concern in normal usage\nFor exact story lookup always use /stories/ directly, not search" } ], "body": "Shortcut.com Skill šŸŽÆ\n\nRead and write Shortcut.com stories, epics, and workflows via the REST API v3.\n\nAuth Setup\n\nToken is stored at ~/.openclaw/secrets/shortcut (mode 600, readable only by your user).\n\nSHORTCUT_API_TOKEN=$(cat ~/.openclaw/secrets/shortcut 2>/dev/null)\nBASE=\"https://api.app.shortcut.com/api/v3\"\n\n\nIf empty, ask the user for their API token, then save it:\n\nmkdir -p ~/.openclaw/secrets\necho -n \"\" > ~/.openclaw/secrets/shortcut && chmod 600 ~/.openclaw/secrets/shortcut\n\n\nGenerate a token at app.shortcut.com ā†’ Settings ā†’ API Tokens. Shortcut tokens have full member-level access ā€” no scope restriction is available. Rotate or delete the token at any time from the same settings page.\n\nIf you prefer not to persist the token on disk, skip saving and export it for the session only: export SHORTCUT_API_TOKEN=\"\"\n\nāš ļø JSON Construction Rule\n\nAlways use jq -n --arg / --argjson to build request bodies. Never interpolate user-supplied values directly into shell strings ā€” this prevents shell injection from values containing quotes, backticks, or $().\n\n# āœ… Safe ā€” jq handles all escaping\nDATA=$(jq -n --arg name \"$TITLE\" --arg desc \"$DESCRIPTION\" \\\n '{name: $name, description: $desc}')\ncurl -s -X POST -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n -H \"Content-Type: application/json\" -d \"$DATA\" \"$BASE/stories\"\n\n# āŒ Unsafe ā€” never do this\ncurl ... -d \"{\\\"name\\\": \\\"$TITLE\\\"}\"\n\nReading\nGet a Story\ncurl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \"$BASE/stories/\" | \\\n jq '{id, name, story_type, description, workflow_state_id, estimate, epic_id, labels: [.labels[].name]}'\n\n\nStrip the sc- prefix from IDs (use the number only).\n\nSearch Stories\ncurl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n \"$BASE/search/stories?$(jq -rn --arg q \"$QUERY\" 'query=\\($q|@uri)&page_size=10')\" | \\\n jq '.data[] | {id, name, story_type, estimate}'\n\nList My Stories\nME=$(curl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \"$BASE/member\" | jq -r '.id')\ncurl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n \"$BASE/search/stories?owner_id=${ME}&page_size=25\" | \\\n jq '.data[] | {id, name, story_type, workflow_state_id}'\n\nList Workflows & States\ncurl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \"$BASE/workflows\" | \\\n jq '.[] | {workflow: .name, states: [.states[] | {id, name, type}]}'\n\nList Epics\ncurl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \"$BASE/epics\" | \\\n jq '.[] | {id, name, state, total_stories: .stats.num_stories_total}'\n\nGet Epic Stories\ncurl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \"$BASE/epics//stories\" | \\\n jq '.[] | {id, name, story_type, workflow_state_id, estimate}'\n\nList Teams (Groups)\ncurl -s -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \"$BASE/groups\" | \\\n jq '[.[] | {id, name, mention_name}]'\n\nWriting\n\nAll write operations build JSON with jq -n --arg to safely handle user-supplied strings.\n\nCreate Story\nDATA=$(jq -n \\\n --arg name \"$STORY_TITLE\" \\\n --arg description \"$STORY_DESCRIPTION\" \\\n --arg story_type \"$STORY_TYPE\" \\\n --argjson estimate \"$ESTIMATE\" \\\n --argjson workflow_state_id \"$STATE_ID\" \\\n --arg group_id \"$GROUP_ID\" \\\n --argjson epic_id \"$EPIC_ID\" \\\n '{name: $name, description: $description, story_type: $story_type,\n estimate: $estimate, workflow_state_id: $workflow_state_id,\n group_id: $group_id, epic_id: $epic_id}')\n\ncurl -s -X POST \\\n -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$DATA\" \"$BASE/stories\" | jq '{id, name, app_url}'\n\n\nStory types: feature, bug, chore\n\nTo add labels, extend the jq expression:\n\nDATA=$(jq -n --arg name \"$TITLE\" --arg label \"mobile\" \\\n '{name: $name, labels: [{name: $label}]}')\n\nCreate Epic\nDATA=$(jq -n \\\n --arg name \"$EPIC_TITLE\" \\\n --arg description \"$EPIC_DESCRIPTION\" \\\n --arg group_id \"$GROUP_ID\" \\\n '{name: $name, description: $description, group_id: $group_id}')\n\ncurl -s -X POST \\\n -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$DATA\" \"$BASE/epics\" | jq '{id, name, app_url}'\n\nUpdate Story (state, estimate, title, etc.)\nDATA=$(jq -n --argjson state \"$NEW_STATE_ID\" '{workflow_state_id: $state}')\n\ncurl -s -X PUT \\\n -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$DATA\" \"$BASE/stories/$STORY_ID\" | jq '{id, name, workflow_state_id}'\n\nAdd Comment\nDATA=$(jq -n --arg text \"$COMMENT_TEXT\" '{text: $text}')\n\ncurl -s -X POST \\\n -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$DATA\" \"$BASE/stories/$STORY_ID/comments\" | jq '{id, text}'\n\nWire Story Dependencies (blocker links)\nDATA=$(jq -n \\\n --argjson object_id \"$BLOCKED_ID\" \\\n --argjson subject_id \"$BLOCKER_ID\" \\\n '{object_id: $object_id, subject_id: $subject_id, verb: \"blocks\"}')\n\ncurl -s -X POST \\\n -H \"Shortcut-Token: $SHORTCUT_API_TOKEN\" \\\n -H \"Content-Type: application/json\" \\\n -d \"$DATA\" \"$BASE/story-links\" | jq '{id, verb}'\n\nWorkflow State Reference\n\nCommon default state IDs (verify with the workflows endpoint for your workspace):\n\nState\tTypical ID\nBacklog\t500000008\nReady for Development\t500000007\nIn Development\t500000006\nReady for Review\t500000010\nCompleted\t500000011\n\nAlways confirm state IDs by calling /workflows ā€” they vary per account.\n\nBulk Story Creation\n\nFor creating full epics with multiple dependent stories, see references/create-stories.md.\n\nDisplay Format\n\nStories:\n\nšŸŽÆ sc-1234 ā€” User Authentication Flow [feature, 5pts]\n Status: In Development | Epic: Auth & Onboarding\n Labels: backend, mobile\n\n > Users should be able to log in with email/password...\n\n\nBacklog list (table format):\n\n| ID | Story | Type | Pts | State |\n|---------|--------------------------|---------|-----|---------|\n| sc-1234 | User Auth Flow | feature | 5 | In Dev |\n| sc-1235 | Fix password reset email | bug | 2 | Backlog |\n\nTips\nAlways check for API token before making requests\nStrip sc- prefix from story IDs for API calls\nLabels are auto-created by Shortcut if they don't exist ā€” safe to pass new label names\nRate limit: 200 req/min ā€” not a concern in normal usage\nFor exact story lookup always use /stories/ directly, not search" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/incognos/shortcut-skill", "publisherUrl": "https://clawhub.ai/incognos/shortcut-skill", "owner": "incognos", "version": "1.0.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/shortcut-skill", "downloadUrl": "https://openagent3.xyz/downloads/shortcut-skill", "agentUrl": "https://openagent3.xyz/skills/shortcut-skill/agent", "manifestUrl": "https://openagent3.xyz/skills/shortcut-skill/agent.json", "briefUrl": "https://openagent3.xyz/skills/shortcut-skill/agent.md" } }