ClawHub

Bluebubbles

v1.0.0

Build or update the BlueBubbles external channel plugin for Clawdbot (extension package, REST send/probe, webhook inbound).

1· 8.9k·974 current·1k all-time
by@kevin19830331
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (BlueBubbles channel plugin) matches the files, helpers, and runtime hooks the SKILL.md references. Required credentials/config are declared as core config keys (serverUrl/password/webhookPath), not unrelated services, so requested capabilities are proportional to the stated purpose.
Instruction Scope
SKILL.md only describes repository paths, helper functions, webhook behavior, and how to route messages into the core runtime. It does not instruct access to unrelated system files, credentials outside the plugin config, or external endpoints beyond the BlueBubbles gateway integration.
Install Mechanism
No install spec or code files are present (instruction-only). Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill references core config keys (channels.bluebubbles.serverUrl, channels.bluebubbles.password, channels.bluebubbles.webhookPath) which are reasonable for a messaging plugin. The skill itself does not declare required env vars or credentials, but deployment will require those config values—ensure they are supplied securely by the host application.
Persistence & Privilege
The skill is not always-on and has default invocation settings. As an instruction-only skill it does not request persistent system presence or modify other skills' configs.
Assessment
This is a developer-facing instruction file for implementing a BlueBubbles channel plugin and appears coherent with that goal. There is no code bundled here, so the immediate security risk is low. Before installing or enabling a plugin implementation based on these instructions, confirm where the BlueBubbles server URL and password will be stored (use your application's secure config/secret storage), review any actual code added to the repo for network calls or credential handling, and only provide webhook endpoints and credentials to trusted code. If you want extra assurance, ask for the actual plugin code (not just the SKILL.md) and review it for unexpected network calls or filesystem access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cpcy8tz21374w7qmk2waz757zyg3f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments