ClawHub

Buildbuddy

v1.0.0

BuildBuddy integration. Manage data, records, and automate workflows. Use when the user wants to interact with BuildBuddy data.

0· 24·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the SKILL.md instructions: the skill is an integration that uses the Membrane CLI to interact with BuildBuddy. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
SKILL.md stays within the stated scope: it directs installing and using the Membrane CLI, creating a connector, running actions, and proxying BuildBuddy API requests through Membrane. It does not instruct reading unrelated files or environment variables, nor sending data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill (no install spec). The doc instructs installing @membranehq/cli via npm (global install or npx). That is expected for a CLI-based integration but does involve downloading and running third-party code from the npm registry — a normal but non-trivial action the user should review before running.
Credentials
The skill declares no required env vars or credentials. It relies on a Membrane account for auth, which is proportionate to the stated behavior. SKILL.md explicitly advises not to ask users for API keys, and Membrane is described as handling auth server-side.
Persistence & Privilege
The skill does not request permanent presence (always:false) and has no install-time config changes or cross-skill/system config access. Autonomous invocation is allowed (default) but is not combined with other red flags.
Assessment
This skill appears coherent for interacting with BuildBuddy via Membrane. Before installing or following the instructions: (1) Confirm you trust Membrane (https://getmembrane.com) and the @membranehq/cli npm package—installing the CLI downloads and runs third-party code. (2) Review the npm package or its repository if you need stronger assurance. (3) Be aware that once connected, Membrane can proxy arbitrary BuildBuddy API calls and therefore can access project/build/test data — ensure the Membrane account and connector are limited to the appropriate scope and tenant. (4) If you cannot or do not want to install global npm packages, consider using npx or running in an isolated environment. Overall this skill is internally consistent with its stated purpose, but proceed only if you trust the Membrane tooling and account used.

Like a lobster shell, security has layers — review code before you run it.

latestvk972r96nfc18bcxms3mzg93wv5846av5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments