ClawHub

Bunpro

v1.0.0

Sync Bunpro Japanese grammar learning progress from the API to local storage for analysis and insights. Use when the user wants to backup their Bunpro progre...

0· 557·0 current·0 all-time
bymart1:n@mart1n-xyz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md, and included Python scripts all implement fetching Bunpro frontend endpoints and storing results in a local SQLite DB. Requested binary (python3) and single env var (frontend JWT) are appropriate for the stated task.
Instruction Scope
SKILL.md explicitly instructs the user how to extract the browser Frontend API Token via DevTools (console/local storage/network) and how to run the scripts. That instruction is sensitive but coherent with the need for a browser JWT; the skill does not instruct reading unrelated system files or posting data to external endpoints beyond api.bunpro.jp. Note: it allows passing the token directly on the CLI (less secure).
Install Mechanism
This is instruction-only (no installer downloads). It requires python3 and the scripts use the 'requests' library; no remote URLs or archive extraction are used. Minor note: the SKILL.md does not explicitly list Python package dependencies (requests), so the user may need to install them manually.
Credentials
Only BUNPRO_FRONTEND_API_TOKEN is required and is the correct credential for the frontend API the skill uses. The token is appropriately marked as primaryEnv. The skill recommends both env var and CLI token options — the latter is less secure but functionally consistent.
Persistence & Privilege
always is false and the skill does not request system-wide configuration changes or other skills' credentials. It only writes a local SQLite database in the specified data directory.
Assessment
This skill appears to do exactly what it claims: pull your Bunpro frontend data and store it locally. Before installing/running: 1) Understand the token is a sensitive browser JWT — do not share it; prefer exporting BUNPRO_FRONTEND_API_TOKEN as an environment variable rather than passing it on the command line. 2) Inspect the included scripts yourself (they are plain Python) and ensure they only call https://api.bunpro.jp; the package uses the 'requests' library (install it into a virtualenv). 3) Treat the generated bunpro.db as sensitive personal data and store it securely (encrypt or keep in an isolated directory). 4) Because the skill uses community-documented endpoints and a frontend token that can expire, expect to refresh the token periodically. 5) If you have policy or TOS concerns, verify that using the frontend token and community API is acceptable to Bunpro and revoke your session token via logout if needed. Overall this is coherent and proportionate, but follow the usual precautions when handling authentication tokens and local backups.

Like a lobster shell, security has layers — review code before you run it.

latestvk9727ssz62pad8apx3thy8fb9h818rnn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📚 Clawdis
Binspython3
EnvBUNPRO_FRONTEND_API_TOKEN
Primary envBUNPRO_FRONTEND_API_TOKEN

Comments