ClawHub

BanditDB

v0.1.6

BanditDB is an in-memory decision database for AI agents — real-time learning from outcomes. Use it to auto-tune notification timing, model routing, or promp...

0· 81·0 current·0 all-time
bySimeon Lukov@simeonlukov
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a local decision database. SKILL.md and references/api.md instruct the agent to create campaigns, call /predict, and post /reward to a locally-hosted service — these requirements align with the stated purpose.
Instruction Scope
Instructions are scoped to interacting with a local HTTP service (default http://localhost:8080) and do not ask the agent to read unrelated files or credentials. They do mention registering as an MCP server (Claude/Cursor/etc.), which implies optional network exposure if the agent is configured to register with external MCP hosts; this is a behavioral expansion worth confirming before enabling that feature.
Install Mechanism
This is an instruction-only skill (no install spec). The docs point users to external artifacts (GitHub releases, Docker image, PyPI). That is normal for this kind of skill, but installing binaries/images from external sources should be validated (see user guidance). Also note a minor provenance mismatch: the GitHub release org is listed as dynamicpricing-ai while the Docker image is simeonlukov — not necessarily malicious but worth verifying.
Credentials
No environment variables, credentials, or config paths are requested by the skill. The API interactions are to localhost by default, so no external secrets access is required by the skill itself.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill does not request permanent platform-level privileges or modifications to other skills; no elevated persistence is requested.
Assessment
This skill appears internally coherent: it expects you to run a local BanditDB service and call its HTTP API. Before installing/using it: 1) Verify the upstream artifacts — prefer official GitHub releases and check release signatures or checksums; confirm the Docker image owner (simeonlukov) is the intended publisher for the project (dynamicpricing-ai vs simeonlukov mismatch). 2) If you run the Docker image or binary, run it with least privilege and restrict network exposure (it binds to port 8080 by default — avoid exposing that port publicly). 3) If you enable MCP registration, only register with trusted MCP hosts because that step can expose interactions beyond localhost. 4) If you plan to install the banditdb-python package, review the package on PyPI for authenticity. These steps will reduce supply-chain and network exposure risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk970d8rczy22a0jpb09e0em92583phhx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments