Bonito
v1.0.0Onboard users to the Bonito AI platform — multi-provider AI routing, managed inference, agent deployment, and multi-agent orchestration. Use when someone wan...
⭐ 0· 83·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the contents: SKILL.md guides onboarding, explains managed inference vs BYO keys, shows how to create gateway keys and deploy agents. The two included scripts (health_check.py and verify_deploy.py) are appropriate helper utilities for onboarding and deployment verification.
Instruction Scope
Instructions are scoped to onboarding and deployment checks. The health_check script performs a GET to https://api.getbonito.com/health. verify_deploy runs local checks (git, docker, bonito-cli, Python) and inspects the optional local 'atlas' repo files. The skill does not instruct reading arbitrary user files or exfiltrating data.
Install Mechanism
No install spec is present (instruction-only), and included scripts are small and readable. There are no downloads from untrusted URLs or archives that will be extracted/executed.
Credentials
The skill does not declare or require any credentials or env vars. SKILL.md shows example usage that references a gateway key and optional .env for the Atlas demo — these are expected for a deployment/onboarding flow and are not requested by the skill itself.
Persistence & Privilege
Skill is not always-on and does not request persistent system modification or cross-skill configuration. It performs ephemeral checks and provides guidance; autonomous invocation defaults are unchanged but not unusually privileged.
Assessment
This skill appears to be a straightforward onboarding helper. Before running anything: (1) verify getbonito.com and the referenced GitHub repo are the official/expected sources for your organization, (2) review the small Python scripts (they only ping the public health endpoint and run local CLI checks) and avoid running them as root, (3) be cautious when pasting real API keys — the examples use $GATEWAY_KEY and Atlas expects a local .env; only supply keys you control, and prefer managed inference if you don't want to provide provider keys, and (4) when you install bonito-cli via pip, confirm the package source and version (pip install bonito-cli==0.4.0+ if you want the documented min version). If you need greater assurance, verify the external repo (https://github.com/ShabariRepo/atlas) contents before deploying its stack or starting containers.Like a lobster shell, security has layers — review code before you run it.
latestvk9766pjc7e6v9hz9wet5qfqr2n83aqxy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.