box

Box CLI skill for working with files, folders, metadata, search, and Box AI in headless environments.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "box" with this command: npx skills add hbkwong/box-cli

box

Use the official box CLI to interact with the Box API from OpenClaw.

This skill is designed for headless deployments (e.g. Railway, CI, servers). It does not use OAuth login flows or short-lived developer tokens.

Instead, it expects Bring Your Own Credentials using:

  • Client Credentials Grant (CCG) --- recommended
  • JWT Server Auth --- optional

🔐 Authentication (Bring Your Own Credentials)

This skill does not manage authentication automatically.

You must provide credentials before using Box commands.

⚠️ Never commit credential files (CCG JSON or JWT JSON) to git.

Add the following to your .gitignore:

box-ccg.json
box-jwt.json
.secrets/

🔑 User-Provided JSON Configuration (Required)

Users must supply their own Box CCG configuration file.
The skill does not generate credentials or manage secrets.

Your file should look like:

{
  "boxAppSettings": {
    "clientID": "client_id_here",
    "clientSecret": "client_secret_here"
  },
  "enterpriseID": "enterprise_id_here"
}

This file can be named box-ccg.json and placed in your deployment environment before registering it with Box CLI.

Option A --- Provide a CCG Config File (Recommended)

Create a Box Custom App using:

Server Authentication (Client Credentials Grant)

You will need:

  • clientID
  • clientSecret
  • enterpriseID

Create your config file in a secure location outside the workspace, e.g.:

/data/.secrets/box-ccg.json

⚠️ Avoid storing credentials inside the workspace directory — it may be tracked by git or accessible to other tools.

With:

{ "boxAppSettings": { "clientID": "YOUR_CLIENT_ID", "clientSecret": "YOUR_CLIENT_SECRET" }, "enterpriseID": "YOUR_ENTERPRISE_ID" }

Secure it:

chmod 600 /data/.secrets/box-ccg.json

Register it:

box configure:environments:add /data/.secrets/box-ccg.json --ccg-auth --name ccg --set-as-current box configure:environments:set-current ccg

Optional: Run as a managed user instead of the service account:

box configure:environments:add /data/.secrets/box-ccg.json --ccg-auth --ccg-user "USER_ID" --name ccg-user --set-as-current

Option B --- Use Environment Variables (.env supported)

Set:

BOX_CLIENT_ID BOX_CLIENT_SECRET BOX_ENTERPRISE_ID

Generate config:

mkdir -p /data/.secrets

cat <<EOF > /data/.secrets/box-ccg.json { "boxAppSettings": { "clientID": "$BOX_CLIENT_ID", "clientSecret": "$BOX_CLIENT_SECRET" }, "enterpriseID": "$BOX_ENTERPRISE_ID" } EOF

chmod 600 /data/.secrets/box-ccg.json

Then register:

box configure:environments:add /data/.secrets/box-ccg.json --ccg-auth --name ccg --set-as-current

Option C --- JWT Server Auth (Alternative)

If using JWT:

box configure:environments:add /data/.secrets/box-jwt.json --name jwt --set-as-current

✅ Verify Authentication

box configure:environments:get --current box users:get me

Note: With CCG, you are authenticated as either: - The service account, or - A managed user (if --ccg-user is used)

Access depends on that identity's permissions.

📂 Common Operations

Browse Folders

box folders:get 0 box folders:list-items 0 --json

Upload

box files:upload ./report.pdf --parent-id 0

Download

box files:download 123456789 --destination ./downloads --create-path

Search

box search "quarterly plan" --type file

Metadata

box files:metadata:get-all 123456789 box files:metadata:add 123456789 --template-key employeeRecord --data "department=Sales"

🤖 Box AI Usage (No Local LLM Downloads)

This skill supports using Box AI directly via the Box platform.

AI operations run within Box, respecting: - File permissions - Enterprise security - Data governance - Audit controls

No file download + local LLM inference required.

Ask Questions About a File

box ai:ask --item-id 123456789 --item-type file --prompt "Summarize this document and identify risks."

Extract Structured Data

box ai:extract-structured --item-id 123456789 --item-type file --schema '{"fields":[{"name":"invoice_number","type":"string"},{"name":"total","type":"number"}]}'

Extract Text

box ai:extract --item-id 123456789 --item-type file

🧠 Tips for Agents & Automation

Use JSON output when parsing results:

box folders:list-items 0 --json

Prefer CCG for headless deployments because:

  • No browser required
  • No expiring developer tokens
  • Suitable for automation
  • Works cleanly in Railway

🔒 Security Notes

  • Do not commit credential files.
  • Restrict file permissions (chmod 600).
  • Use least-privilege app scopes.
  • Avoid granting broad enterprise-wide access to service accounts.
  • Prefer a dedicated demo folder when showcasing functionality.

🚀 Deployment Notes (Railway / CI)

  • Ensure /data/workspace is writable (for file operations).
  • Ensure /data/.secrets exists and is writable (for credential storage).
  • Box CLI stores environments in ~/.box.
  • If containers are ephemeral, re-run configure step on deploy.
  • Use Railway Variables instead of pasting secrets into chat.

This skill exposes the full surface area of the Box CLI.

Explore commands:

box --help box folders --help box files --help box ai --help

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

Xlsx Pro

Compétence pour manipuler les fichiers Excel (.xlsx, .xlsm, .csv, .tsv). Utiliser quand l'utilisateur veut : ouvrir, lire, éditer ou créer un fichier tableur ; ajouter des colonnes, calculer des formules, formater, créer des graphiques, nettoyer des données ; convertir entre formats tabulaires. Le livrable doit être un fichier tableur. NE PAS utiliser si le livrable est un document Word, HTML, script Python standalone, ou intégration Google Sheets.

Registry SourceRecently Updated
01.7K
ricobaboule
Coding

Skill Scaffold

AI agent skill scaffolding CLI. Create skills for OpenClaw, Moltbot, Claude, Cursor, ChatGPT, Copilot instantly. Vibe-coding ready. MCP compatible.

Registry SourceRecently Updated
13K
NextFrontierBuilds
Coding

Openclaw Backup Optimized

Optimized OpenClaw backup skill for creating full snapshots with workspace archive splitting, change summaries, restore instructions, and Discord notifications. Use when you need to set up or run automated backups, configure backup cron jobs, or document/restore OpenClaw state. Triggers on backup automation, backup scripts, snapshot/restore, or GitHub backup repos.

Registry SourceRecently Updated
42.2K
cccarv82