ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bridle

v1.1.0

Unified configuration manager for AI coding assistants. Manage profiles, install skills/agents/commands, and switch configurations across Claude Code, OpenCode, Goose, and Amp.

0· 2.5k·0 current·0 all-time
by@bjesuiter
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the runtime instructions: the skill simply shells out to a 'bridle' binary that manages profiles and harness configs. However, the SKILL.md documents reading/writing many harness config paths (e.g., ~/.claude/, ~/.config/opencode/, ~/.config/goose/, ~/.config/bridle/config.toml) yet the skill metadata declares no required config paths. That omission is an inconsistency — the tool will need access to other tools' config directories but the skill does not explicitly request or document that access.
!
Instruction Scope
Runtime instructions tell the agent to run 'bridle' commands (init, profile create/switch/edit, install owner/repo) and reference specific user config locations. In particular, 'bridle install owner/repo' implies cloning/installing arbitrary GitHub repos into harness config directories. That capability can introduce untrusted code or modify other agents' configurations; the SKILL.md does not limit or qualify what will be installed or warn about validating code, so the instruction scope is broader and higher-risk than a simple config viewer/editor.
Install Mechanism
Install options are Homebrew (neiii/bridle/bridle), cargo install, or git clone/build. Homebrew uses a third‑party tap (neiii) rather than an official formula, which is a moderate trust consideration. cargo install/git clone are traceable to source but will build/run code locally. No opaque URL shorteners or unknown archive extracts are present, but you should verify the brew tap and crate/repo owners before installing.
Credentials
The skill declares no required environment variables or credentials, which fits a local CLI manager. However, the documented workflows (installing from GitHub, writing to other harness configs) may require network access and write access to ~/.config/ and other home directories, and they may prompt for credentials when accessing private repos — none of which are declared. That mismatch should be noted.
!
Persistence & Privilege
The skill is not always-on, but its described operations explicitly modify other harnesses' configuration directories and install components (skills/agents/commands) into them. Modifying other agents' or skills' configs is a meaningful privilege and increases blast radius: a malicious or buggy installed component could alter behavior across multiple AI assistants. The skill metadata does not document safeguards or required approvals for installations.
What to consider before installing
This skill is coherent with its stated purpose (it wraps a 'bridle' CLI), but it will read and write configuration in multiple other AI harness directories and can install arbitrary GitHub repos into those locations. Before installing or running it: (1) verify the Homebrew tap / crate / upstream GitHub repo and review the source if possible; (2) back up the config directories listed (~/.claude, ~/.config/opencode, ~/.config/goose, ~/.amp, ~/.config/bridle); (3) prefer installing from reviewed source code rather than a third‑party binary if you don't trust the tap; (4) be cautious about running 'bridle install owner/repo' for untrusted repositories — those components can execute code within your agent environment; (5) expect the tool to need write access to your home config directories and potentially network/GitHub credentials for private repos. If you need higher assurance, inspect the bridle repository/formula and the code it would deploy before use.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🐴 Clawdis
OSmacOS · Linux
Binsbridle

Install

Install bridle via Homebrew
Bins: bridle
brew install neiii/bridle/bridle
latestvk97axxcgx8whgbfxy2cvs7y7ds7z7pw3
2.5kdownloads
0stars
3versions
Updated 19h ago
v1.1.0
MIT-0
macOS, Linux
@bjesuiter
latest
Download

Bridle Skill

Unified configuration manager for AI coding assistants. Manage profiles, install skills/agents/commands, and switch configurations across Claude Code, OpenCode, Goose, and Amp.

Installation

# Homebrew (macOS/Linux)
brew install neiii/bridle/bridle

# Cargo (Rust)
cargo install bridle

# From source
git clone https://github.com/neiii/bridle && cd bridle && cargo install --path .

Core Concepts

  • Harnesses: AI coding assistants (claude, opencode, goose, amp)
  • Profiles: Saved configurations per harness (e.g., work, personal, minimal)

Quick Commands

# Launch interactive TUI
bridle

# Show active profiles across all harnesses
bridle status

# Initialize bridle config and default profiles
bridle init

Profile Management

# List all profiles for a harness
bridle profile list <harness>

# Show profile details (model, MCPs, plugins)
bridle profile show <harness> <name>

# Create empty profile
bridle profile create <harness> <name>

# Create profile from current config
bridle profile create <harness> <name> --from-current

# Switch/activate a profile
bridle profile switch <harness> <name>

# Open profile in editor
bridle profile edit <harness> <name>

# Compare profiles
bridle profile diff <harness> <name> [other]

# Delete a profile
bridle profile delete <harness> <name>

Installing Components

Bridle can install skills, agents, commands, and MCPs from GitHub repos and auto-translates paths/configs for each harness.

# Install from GitHub (owner/repo or full URL)
bridle install owner/repo

# Overwrite existing installations
bridle install owner/repo --force

# Interactively remove components [experimental]
bridle uninstall <harness> <profile>

Configuration

Config location: ~/.config/bridle/config.toml

# Get a config value
bridle config get <key>

# Set a config value
bridle config set <key> <value>

Config keys: profile_marker, editor, tui.view, default_harness

Output Formats

All commands support -o, --output <format>:

  • text (default) — Human-readable
  • json — Machine-readable
  • auto — Text for TTY, JSON for pipes

Supported Harnesses & Config Locations

HarnessConfig LocationStatus
Claude Code~/.claude/Full support
OpenCode~/.config/opencode/Full support
Goose~/.config/goose/Full support
Amp~/.amp/Experimental

Component Paths by Harness

ComponentClaude CodeOpenCodeGoose
Skills~/.claude/skills/~/.config/opencode/skill/~/.config/goose/skills/
Agents~/.claude/plugins/*/agents/~/.config/opencode/agent/
Commands~/.claude/plugins/*/commands/~/.config/opencode/command/
MCPs~/.claude/.mcp.jsonopencode.jsoncconfig.yaml

Common Workflows

Create a work profile from current config

bridle profile create claude work --from-current

Create profile from existing profile (duplicate & modify)

# 1. Switch to the source profile
bridle profile switch opencode default

# 2. Create new profile from current (now the source profile)
bridle profile create opencode minimal --from-current

# 3. Edit the new profile to remove/modify as needed
bridle profile edit opencode minimal

Switch between profiles

bridle profile switch claude personal
bridle profile switch opencode minimal

Check status across all harnesses

bridle status

Comments

Loading comments...