Query and curate knowledge-base using ByteRover CLI. Use `brv query` for knowledge retrieval, `brv curate` for adding context, and `brv push/pull` for syncing.
Security Analysis
high confidenceThe skill is a thin wrapper for the official ByteRover CLI (npm @byterover/cli); its requirements, install method, and runtime instructions are consistent with its stated purpose.
Name/description match the actual requirements and behavior: the skill requires the 'brv' binary and the install spec installs the @byterover/cli package which provides that binary. Nothing requested by the skill (no unrelated binaries, env vars, or config paths) is out of scope for a CLI integration.
SKILL.md stays within ByteRover CLI operations (login, init, status, query, curate, push, pull). It asks the user to supply an API key at runtime (via brv login) and to include up to 5 files for curate; it does not instruct the agent to read arbitrary system files or unrelated credentials. Note: brv login outputs text (not JSON), and credentials/config are stored under the project's .brv directory according to examples — automation should handle that and avoid exposing secrets.
Install uses npm to add @byterover/cli and create the 'brv' binary. npm is an expected mechanism for a Node-based CLI. This will write files/binaries to the environment (node_modules/.bin or global install depending on setup), so users should verify the package's provenance before installing.
The skill declares no required environment variables, which is consistent. Runtime usage requires an API key for login (entered interactively or supplied to brv); this is appropriate for a remote service. Be aware the CLI likely writes auth tokens/config to .brv in the project directory (example shown), so secrets may be persisted on disk — use a least-privileged API key and/or a dedicated account.
always:false and no requests to modify other skills or system-wide agent settings. The skill does not ask for permanent platform privileges. The ability to run commands autonomously is the platform default but is not combined with other concerning privileges here.
Guidance
This skill is a straightforward adapter for the ByteRover CLI, but before installing: 1) verify the npm package (@byterover/cli) and its publisher (check the npm registry and package source) to ensure it's the official ByteRover client; 2) when using it, supply a dedicated, least-privileged API key rather than broad or production credentials; 3) be aware the CLI stores auth/config under .brv in your project — inspect that file if you are concerned about persisted tokens and protect its directory; 4) automation will use flags like --headless --format json and brv push -y (which skips confirmations) — avoid -y unless you want to allow destructive/remote changes without manual confirmation; 5) if you need stronger assurance, review the installed package contents (node_modules or the published tarball) before running it.
Latest Release
v1.6.0
- Major update: Comprehensive SKILL.md added with detailed headless usage instructions for ByteRover CLI. - Provides example commands and JSON responses for querying, curating, pushing, and pulling knowledge. - Adds clear guidance for authentication, project initialization, and error handling in headless/automated environments. - Outlines recommended flags (`--headless --format json`), best practices, and tips for automation workflows. - Documents possible statuses and expected outputs for all supported commands.
More by @byteroverinc
Published by @byteroverinc on ClawHub
