ClawHub

Bugzilla

v1.0.2

Bugzilla integration. Manage data, records, and automate workflows. Use when the user wants to interact with Bugzilla data.

0· 73·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md consistently tells the agent to use the Membrane CLI to connect to Bugzilla and run actions or proxied API requests. There are no unrelated credentials, binaries, or capabilities requested.
Instruction Scope
Instructions are scoped to installing and using the Membrane CLI (login, create connection, list/run actions, proxy requests). The doc does not instruct reading unrelated files or exfiltrating data, and explicitly advises not to request API keys from users. It does allow arbitrary proxied requests to Bugzilla via Membrane (expected for this integration).
Install Mechanism
No registry install spec, but the SKILL.md instructs installing an external npm package globally (npm install -g @membranehq/cli). Installing a global npm package is a normal way to get a CLI but does execute third-party code on the machine — this is expected for a CLI-based integration but is a point the user should consider.
Credentials
The skill requires network access and a Membrane account (documented). It requests no environment variables or secrets. The guidance explicitly delegates credential management to Membrane and discourages local key handling, which is proportional to the stated purpose.
Persistence & Privilege
No always:true or system-wide modifications are requested. The skill is instruction-only and does not request persistent privileges or modify other skills' configs.
Assessment
This skill is coherent: it only documents how to use the Membrane CLI to talk to Bugzilla. Before installing/using it, verify you trust Membrane (the getmembrane.com project and its npm package) because the CLI and Membrane service will handle/route authentication and API requests for your Bugzilla data. Consider: (1) prefer npx or a local install instead of npm -g if you want to avoid installing global binaries; (2) confirm how Membrane stores/uses your Bugzilla credentials and whether proxying data through their service is acceptable for your privacy/compliance needs; (3) for self-hosted Bugzilla, confirm the connector supports your deployment; (4) inspect @membranehq/cli package details (npm page, GitHub repo, release signatures) before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cby88neds5xfgf32v6wbhch842cqf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments