Procedural knowledge for AI agents working with OpenBat — distillable into Claude Code, Cursor, Copilot, Gemini, and any Claude-compatible MCP client via the skills.sh distribution mechanism.
These skills teach an agent how to use the OpenBat CLI
(@openbat/cli), the
OpenBat MCP server (@openbat/mcp),
and the OpenBat SDK (@openbat/sdk)
end-to-end — read analytics, manage settings and webhooks, build
workflows, mint credentials, run experiments, install the SDK in a
target app.
npx skills add openbat-dev/agent-skillsBy default this drops the skill files into .claude/skills/ in your
current project. Target a different agent platform with -a:
npx skills add openbat-dev/agent-skills -a cursor
npx skills add openbat-dev/agent-skills -a copilotInstall one specific skill only:
npx skills add openbat-dev/agent-skills --skill using-openbatPin a specific version (recommended for reproducibility):
npx skills add openbat-dev/agent-skills@v0.1.0| Skill | Purpose |
|---|---|
using-openbat |
Start here. Comprehensive reference — auth model, 9 user flows, MCP + CLI command pairs, safety rails, failure-mode recovery. |
openbat-onboarding |
Create a new chatbot + capture the ingest key. |
openbat-settings |
Manage keys (ingest / read / admin / PAT), webhooks, custom metadata. |
openbat-conversations |
Query conversations + analyses, time-filtered (default last 7 days). |
openbat-workflows |
Compile DSL templates (flag-to-webhook, outcome-to-webhook, sentiment-drop-to-webhook) into workflows. |
openbat-sdk-install |
Install + verify @openbat/sdk in Node / Next.js / Vercel AI SDK apps. |
openbat-safe-mutations |
Cross-cutting safety rules — confirmation patterns, audit log review, key rotation hygiene. |
openbat-plan-audit |
Audit implementation plans against recurring failure patterns (cross-tenant IDOR, missing rate limits, missing role checks, SSRF, race conditions, input validation). |
Install at least one of the OpenBat surfaces first:
npm i -g @openbat/cli # CLI
# or configure MCP in your client's mcp.json — see @openbat/mcp READMEYou'll also need an OpenBat API key. Sign up at https://openbat.dev to mint one.
@openbat/cli and @openbat/mcp are intentionally generic — they
expose 44 tools across 9 user flows. An agent confronted with all 44
tools and no procedural guidance will plausibly hallucinate inputs,
choose the wrong key kind, or call destructive operations without
confirmation.
The skills here distil the "how to use this safely" knowledge into the agent's context window when it's loaded. They cover:
- The four-kind auth ladder (
ob_read_*<ob_admin_*<ob_pat_*). - Plaintext-shown-once-to-stderr conventions for mint commands.
- The
dryRunsafety pattern for destructive operations. - The org-private nature of AI reports (no public sharing).
- Audit log + rate-limit recovery patterns.
Each skill is a single SKILL.md file with YAML frontmatter, following
the agent-skills spec:
---
name: skill-name
description: One-paragraph triggers + scope summary
---
# Skill body...Tagged releases (v0.1.0, v0.2.0, …) track the published versions of
@openbat/cli and @openbat/mcp they're written against. Bumping the
tools without bumping the skills is fine — the skills are deliberately
not coupled to specific tool signatures, just to the patterns
(requireWrite, BOLA filter, etc.). But if the auth ladder changes
shape, the skills bump too.
These skills are maintained as a thin export from the
openbat/openbat monorepo's .claude/skills/
directory. Bug reports + suggestions:
issues.
PRs are welcome — see CONTRIBUTING.md.
MIT — see LICENSE.
- OpenBat product — https://openbat.dev
- OpenBat docs — https://openbat.dev/docs
@openbat/cli— https://www.npmjs.com/package/@openbat/cli@openbat/mcp— https://www.npmjs.com/package/@openbat/mcp@openbat/sdk— https://www.npmjs.com/package/@openbat/sdk- skills.sh directory — https://skills.sh
- agent-skills CLI — https://github.com/vercel-labs/skills