一键导入
install-skill
Install a pasted SKILL.md (or one fetched from a URL or file path) into the user-skill directory, reviewing risk and connector requirements.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Install a pasted SKILL.md (or one fetched from a URL or file path) into the user-skill directory, reviewing risk and connector requirements.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | install-skill |
| description | Install a pasted SKILL.md (or one fetched from a URL or file path) into the user-skill directory, reviewing risk and connector requirements. |
| license | MIT |
| compatibility | Requires the gini gateway and curl. Skills that need extra binaries will fail health checks after install — surface that clearly. |
| allowed-tools | Bash file_write |
| metadata | {"gini":{"version":"1.0.0","author":"Gini","category":"meta","requires":{"credentials":[]}}} |
You install a SKILL.md the user supplied — pasted text, a URL, or a file path — into the runtime's user-skills directory. You also review risk and surface the credentials the new skill will need.
Acquire the SKILL.md text:
curl -fsSL <url>. Refuse if
the host is not HTTPS unless it's localhost.Validate the SKILL.md against the spec without writing to disk:
bun run gini skill validate /tmp/incoming-skill.md
metadata.gini.*). If the issues are substantive (referencing a
credential that isn't configured), see step 4.Review the scripts and the body for risk. Read every sidecar file the user provided. Summarize for the user:
bash, curl, psql, …).Resolve the credential requirements declared under
metadata.gini.requires.credentials (a list of credential names). An
incoming skill may instead carry the legacy
metadata.gini.requires.connectors (with provider: items); that form
is still accepted, but rewrite it to requires.credentials names
(e.g. linear → LINEAR_API_KEY, google-oauth-desktop →
google-workspace-oauth) when you install:
GET /api/connectors to see whether
the user already has a healthy credential with that name.metadata.gini.prerequisites.commands.Surface the allowed-tools declaration to the user. Read the
skill's frontmatter allowed-tools value (space-separated) and
summarize for the user: "This skill declares it will use:
<tool list>. The audit trail records every invocation."
Install via the API:
curl -sS -X POST http://localhost:<runtime-port>/api/skills \
-H "authorization: Bearer $GINI_TOKEN" \
-H "content-type: application/json" \
-d "$(jq -nc \
--arg body "$(cat /tmp/incoming-skill.md)" \
'{ body: $body }')"
The endpoint writes the file flat under
~/.gini/instances/<instance>/skills/<name>/SKILL.md, triggers a
loader reload, and returns the new enabled SkillRecord. User-installed
skills never nest under a category subfolder.
MANDATORY — prompt for every missing credential before you report
the skill ready. Installing the skill is NOT the end of the task.
The install response (step 6) returns the new SkillRecord — use its
id as the skillId. Then:
metadata.gini.requires.credentials
list.GET /api/connectors
for an existing healthy credential with that name.request_connector so the user enters it securely. Do this for
every missing credential — do not skip any, do not batch them into
prose, do not defer to "the next time the skill runs":
LINEAR_API_KEY → linear): request_connector with that
provider id plus skillId.request_connector
with {name: "<CREDENTIAL_NAME>", type: "<api-key|oauth2>", skillId: "<installed skill id>", reason: "<what the credential is for and where to get it>"}. Infer type from the name: an
UPPER_SNAKE env-var token (e.g. SOME_SERVICE_API_KEY) is
api-key; a kebab handle is oauth2.Do not stop after "installed." A skill with a missing required
credential is NOT ready to use — it stays inactive until the credential
is granted. You may report the skill as ready ONLY when either every
required credential has been provided (each request_connector card
completed) OR the user has explicitly declined to provide it. If the
user has not yet responded to a card, the task is still in progress;
wait for it, do not declare completion.
Completing the card stores the credential as a typed record AND grants
it to the installed skill — the skill activates once all its
credentials are granted, so there is no separate grant step and no
/skills trip. The secure card captures the secret server-side; the
value never enters the chat transcript.
The /skills page (find the installed skill's row, click the inline
[Set up <Credential>] button) is a fallback only — use it if the
secure card cannot render (e.g. the conversation is not in the web
chat).
request_connector (step 7) is MANDATORY, not optional.
Never report the skill as installed/ready and then stop while a required
credential is still missing — the skill is inactive until it is granted.
The post-install prompt must happen in the SAME turn as the install, not
deferred to a later on-demand run./api/connectors (or any endpoint) from a shell
command. A secret on a command line lands in your context, the audit
trail, and process listings. Always use request_connector so the value
is captured server-side through the secure card and never enters the
transcript.Google Calendar via gws: list events, create, accept, find free time.
Google Docs via gws: read, append text, structured batch edits.
Google Drive via gws: search, list, upload, download, share.
Google Forms via gws: create forms, add items, read responses.
Gmail via gws: send, read, search, label, draft, reply, forward.
Google Sheets via gws: read/write cells, append rows, structured batch edits.