ClawHub

Bud

v1.0.0

Bud integration. Manage data, records, and automate workflows. Use when the user wants to interact with Bud data.

0· 91·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to integrate with Bud and all runtime instructions reference the Membrane CLI and Bud API access via Membrane. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md only instructs installing the Membrane CLI, performing interactive login, creating a connection to Bud, listing/running actions, or proxying requests through Membrane. It does not instruct reading unrelated local files, exporting unrelated credentials, or exfiltrating data to unexpected endpoints.
Install Mechanism
Install is an explicit user-directed npm global install (npm install -g @membranehq/cli). This is a reasonable mechanism for a CLI integration, but global npm installs execute third‑party code on the system — the user should verify the package's provenance on npm/GitHub before running.
Credentials
The skill declares no required env vars or credentials. Authentication is handled via Membrane's interactive login flow and server-side connections, which is proportionate for a third‑party integration and avoids asking for local API keys.
Persistence & Privilege
Skill is user-invocable and not forced always-on. It does not request persistent system privileges or modify other skills' configs.
Assessment
This skill is coherent for connecting to Bud via the Membrane platform, but you should: (1) verify and trust the @membranehq/cli package on npm/GitHub before running a global npm install (global installs run code on your machine); (2) be aware that authorizing a Bud connection grants access to the user's financial data through Membrane — only connect accounts you intend to share; (3) confirm Membrane's privacy/security practices because credentials and proxying are handled server-side; and (4) if you prefer less system impact, consider running the CLI in a container or using a local install instead of a global install.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dxtt868yqgtbscmk0jjznfx84hbcr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments