Bitrise
v1.0.0Bitrise integration. Manage data, records, and automate workflows. Use when the user wants to interact with Bitrise data.
⭐ 0· 95·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to integrate with Bitrise but consistently directs the agent to use the Membrane platform/CLI to do so. Requesting a Membrane account and CLI is proportionate to that design; there are no unrelated credentials or platform accesses requested.
Instruction Scope
SKILL.md only instructs running Membrane CLI commands, creating connections, listing actions, running actions, and using Membrane's proxy. It does not ask the agent to read arbitrary files, other env vars, or send data to unexpected endpoints outside Membrane/Bitrise.
Install Mechanism
The skill instructs users to install the @membranehq/cli package via npm (global install or npx usage). This is a standard public-registry install but does mean third-party code will be installed on disk; the skill itself has no packaged install spec.
Credentials
No local env vars or credentials are requested by the skill. However, the integration relies on a Membrane account and connections created through Membrane — that centralizes Bitrise credentials and API traffic to Membrane, so trust in Membrane is required.
Persistence & Privilege
The skill is instruction-only, not always-enabled, does not request persistent system-wide changes or access to other skills' configs, and uses normal user-invocable operations.
Assessment
What to consider before installing: 1) This skill delegates Bitrise access to the Membrane platform — you will authenticate to Membrane and Membrane will proxy Bitrise requests, so verify you trust Membrane with your Bitrise data and credentials. 2) The SKILL.md asks you to install @membranehq/cli from npm (or use npx); review the npm package and the upstream repository (https://github.com/membranedev/application-skills and the CLI package) to verify authenticity and inspect permissions. 3) Prefer ephemeral or non-global installs (use npx or containerized environments) if you want to limit system impact. 4) The skill does not request unrelated secrets or system access, but be aware that using Membrane means your Bitrise API traffic and tokens will be handled server-side by Membrane. 5) If you need higher assurance, ask the publisher for details on how Membrane stores credentials, what data is logged, and whether you can use a least-privilege connection. Overall the skill appears coherent, but it requires trusting the Membrane service that it delegates to.Like a lobster shell, security has layers — review code before you run it.
latestvk971m87c1av3f7849gnwgm20wd84hw3n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.