Bit URL Shortener
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This documentation-only skill is coherent and purpose-aligned, but it does require installing an external CLI, using a Bit API key, and running commands that can modify or delete short links.
Before installing, review the upstream bit-cli repository, keep BIT_API_KEY private, use a trusted BIT_API_URL, and confirm link IDs before running update or delete commands.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI means trusting the upstream repository and any code it builds.
The skill instructs users to build and install an external GitHub-hosted CLI, including a sudo move into a system PATH directory. This is disclosed and purpose-aligned, but the installed code is external to the provided artifact.
git clone https://github.com/ParinLL/bit-cli.git cd bit-cli go build -o bit . sudo mv bit /usr/local/bin/
Review the GitHub repository before installing, prefer pinned releases or commits when available, and only use sudo for the final install step if you trust the binary.
Anyone or any process with access to the key may be able to act on the Bit API within that key's permissions.
The CLI requires an API key to authenticate to the Bit service. This is expected for the stated API operations, and the artifact advises keeping it in environment variables rather than command history.
`BIT_API_KEY` (required): Bit API authentication key.
Use a least-privilege Bit API key if supported, keep it out of shared scripts and logs, and rotate it if exposed.
Using the wrong ID or URL could break or redirect existing short links.
The documented CLI can modify or delete existing short links. These actions are central to the skill's purpose and are presented openly, but they can affect live links.
`bit update <id> <new-url>` - Replaces the destination URL for an existing short link. - `bit delete <id>` - Removes the short link by ID.
Confirm the target link with `bit list` or `bit get <id>` before update/delete operations, and ask for explicit user confirmation before changing live links.