ClawHub

Bunnyshell

v1.0.2

Bunnyshell integration. Manage data, records, and automate workflows. Use when the user wants to interact with Bunnyshell data.

0· 54·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md describes using the Membrane CLI to connect to Bunnyshell, discover actions, run proxy requests, and manage connections — which aligns with the skill name and description. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
Instructions tell the agent (and user) to install and run the @membranehq/cli, perform an interactive/browser login, list/connect actions, run actions, and proxy arbitrary API requests through Membrane. This is expected for a connector skill, but proxy capability allows arbitrary Bunnyshell API calls — users should be aware that actions run via the connection can access their Bunnyshell data.
Install Mechanism
There is no formal install spec, but the SKILL.md instructs installing a global npm package (npm install -g @membranehq/cli). Installing from the public npm registry is a reasonable approach for a CLI, but it carries the usual moderate risk of third-party packages — verify the package maintainer and provenance before installing globally.
Credentials
The skill declares no required environment variables or credentials and explicitly instructs not to ask users for API keys, relying on Membrane to handle auth. Requested access is proportional to the stated purpose.
Persistence & Privilege
The skill is not always-enabled, does not request system config paths, and contains no install-time code that would persist or modify other skills. It uses the standard Membrane login flow which stores credentials server-side.
Assessment
This skill appears coherent with its purpose, but before installing: (1) verify you trust Membrane (@membranehq) and review their security/privacy docs because your Bunnyshell credentials will be managed server-side; (2) confirm the npm package identity and publisher before doing a global npm install (global installs can require elevated privileges); (3) be aware that the Membrane proxy can make arbitrary Bunnyshell API calls using your connection — only grant it access to accounts/environments you are comfortable exposing; (4) if you need stronger isolation, run the CLI in a sandboxed environment or review Membrane logs/connection settings. If you want, share the Membrane CLI package URL or the connector IDs you plan to use and I can point out any further risks.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b52jzrs4esevq2ddpwg15wd842s40

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments