Bunnyshell
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a legitimate Bunnyshell integration, but it gives the agent broad authenticated access to run actions and raw API requests against cloud-management resources.
Install only if you intend to let an agent operate Bunnyshell through Membrane. Use a least-privileged account, confirm any deployment or destructive changes before execution, and be cautious with raw proxy requests or sensitive data.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too broadly or on an ambiguous request, the agent could change or delete Bunnyshell-managed infrastructure, environments, projects, or related account data.
The skill documents a broad raw API escape hatch with authenticated write and delete methods for a cloud-management platform. In the supplied excerpt, this is not clearly bounded by approval, resource scope, or reversibility guidance.
"When the available actions don't cover your use case, you can send requests directly to the Bunnyshell API through Membrane's proxy... HTTP method (GET, POST, PUT, PATCH, DELETE)."
Use a least-privileged Bunnyshell account, require explicit confirmation before any POST/PUT/PATCH/DELETE or deployment action, and prefer discovered scoped actions over raw proxy calls.
The agent may be able to act in Bunnyshell with the same privileges as the connected account.
The skill requires delegated Membrane/Bunnyshell authentication and automatic credential refresh. This is expected for the integration, but it gives the CLI access according to the authenticated user's permissions.
"Membrane handles authentication and credentials refresh automatically... membrane login --tenant --clientName=<agentType>"
Connect only the intended Bunnyshell account, limit permissions where possible, and revoke the Membrane/Bunnyshell connection when no longer needed.
Installing @latest runs whatever version npm currently serves, which may differ from the version originally reviewed.
The setup uses an unpinned latest npm package. This is common for CLI setup and aligned with the skill purpose, but the installed code can change over time.
npm install -g @membranehq/cli@latest
Install from the official package source, consider pinning a known CLI version, and review the Membrane CLI publisher/package before installing.
Information sent in API calls or returned from Bunnyshell may pass through Membrane as part of the integration.
Bunnyshell API requests are routed through Membrane's proxy/gateway. This is disclosed and purpose-aligned, but users should recognize that request and response data flows through that service.
"Membrane automatically appends the base URL to the path you provide and injects the correct authentication headers"
Avoid sending unnecessary secrets or sensitive payloads through proxy requests, and review Membrane's data-handling terms for your organization.
