Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From macos-it-admin
CRUD over Nimbleway (Nimble) admin API tokens, used by the Nimble MCP connector for crawl/extract/agent operations. Uses the OSEC3 minter pattern with NIMBLEWAY_TOKEN_MINTER from macOS keychain. Operations cover the Nimble admin API (api.webit.live or app.nimbleway.com depending on the product surface).
npx claudepluginhub subagentceo/knowledge-engineering --plugin macos-it-adminHow this skill is triggered — by the user, by Claude, or both
Slash command
/macos-it-admin:nimbleway-crudThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- Quarterly rotation of `NIMBLEWAY_API_KEY` per `docs/operator-runbooks/secret-rotation.md`.
Applies 10 pre-set color/font themes or generates custom ones for slides, documents, reports, and HTML landing pages.
Share bugs, ideas, or general feedback.
NIMBLEWAY_API_KEY per docs/operator-runbooks/secret-rotation.md.NIMBLEWAY_TOKEN_MINTER in macOS keychain. Bootstrap:
# 1. Browser: app.nimbleway.com/settings/api or equivalent
# Create admin token, name: "nimbleway-token-minter-YYYY"
# 2. Terminal:
security add-generic-password -a "$USER" -s NIMBLEWAY_TOKEN_MINTER -w
Note on Nimble's API surface: Nimble's public REST endpoints are at api.webit.live (data plane: POST /unblocker/...). The admin/account API for key management is documented at https://docs.nimbleway.com (verify exact endpoint at first run). The skill's script assumes POST /account/api-keys shape; bump the script's @cite once confirmed.
The MCP connector claude.ai Nimble (UUID f41545b8) exposes 18 tools including nimble_agent_run_async, nimble_crawl_run, etc. — these use the API key indirectly via the connector's own auth. This skill manages the same underlying key that gets configured into the connector + the Worker runtime.
npx tsx plugins/macos-it-admin/skills/nimbleway-crud/scripts/create.ts \
--name "knowledge-engineering-$(date +%Y-Q%q)" \
--secret-name NIMBLEWAY_API_KEY \
[--runtime]
Behavior identical to neon-crud and parallel-ai-crud: mint → dual-write → read-after-write verify.
curl -sS https://api.webit.live/account/api-keys \
-H "Authorization: Basic $(security find-generic-password -s NIMBLEWAY_TOKEN_MINTER -w)" \
| jq '.[] | {id, name, created_at, scopes}'
(Confirm whether Nimble uses Basic or Bearer auth at first run.)
Same mint → smoke → delete-old sequence. Smoke test for Nimble: trigger a small crawl with nimble_crawl_run via the connector, or POST /unblocker/web via REST.
curl -sS -X DELETE "https://api.webit.live/account/api-keys/<KEY_ID>" \
-H "Authorization: Basic $(security find-generic-password -s NIMBLEWAY_TOKEN_MINTER -w)"
| ID | Outcome | Verified by |
|---|---|---|
| OIT1-nim-1 | Script exists and never logs response key field | no-leak test |
| OIT1-nim-2 | Read-after-write verify | script exit code |
| OIT1-nim-3 | Operator-reminder banner about claude.ai connector sync | script stderr output |
| OIT1-nim-4 | First-run operator confirms endpoint shape (api.webit.live vs app.nimbleway.com) and updates script @cite | one-line commit |
@cite https://docs.nimbleway.com @cite docs/decisions/2026-05-17-cf-token-mint.md @cite docs/decisions/2026-05-17-secrets-parity.md @cite /Users/alexzh/.claude/projects/-Users-alexzh-subagentmcp-subagentceo-knowledge-engineering/memory/reference_mcp_connectors.md (Nimble connector inventory)