ClawHub

Basecamp Automation

v0.1.0

Automate Basecamp project management, to-dos, messages, people, and to-do list organization via Rube MCP (Composio). Always search tools first for current schemas.

1· 1.5k·1 current·1 all-time
by@sohamganatra
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (Basecamp automation) aligns with the runtime instructions: all tool calls are Basecamp-oriented (GET_PROJECTS, CREATE_MESSAGE, etc.) and the SKILL.md explicitly requires the Rube MCP 'rube' toolkit. No unrelated binaries or credentials are requested.
!
Instruction Scope
The instructions direct the agent/user to add an external MCP server (https://rube.app/mcp) to client configuration and to use RUBE_MANAGE_CONNECTIONS which will produce an auth link that the user follows to complete Basecamp OAuth. That means the MCP operator will mediate tool discovery and may broker OAuth tokens/requests. This is a scope expansion beyond simple API call templates: it requires modifying client config and trusting a remote service with auth flows. SKILL.md otherwise stays within Basecamp task boundaries and doesn't ask the agent to read unrelated files or environment variables.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written by the skill itself.
Credentials
The skill declares no required env vars or local credentials (registry metadata shows none). Runtime instructions rely on Rube MCP and an OAuth connection established via RUBE_MANAGE_CONNECTIONS instead of local API keys. This is coherent but important: the skill expects an external MCP to handle authentication. The registry metadata does not explicitly call out this external dependency beyond the SKILL.md 'requires: mcp: [rube]'. If you are uncomfortable having a third-party MCP broker OAuth tokens or requests, that is a valid reason to avoid installing/using this skill.
Persistence & Privilege
always is false and there is no install step that writes persistent agent-level configuration. The skill can be invoked autonomously (platform default) but that alone is not unusual. Combined with the MCP dependency it increases the blast radius only if you permit the MCP to be used for signing/auth flows.
What to consider before installing
This skill appears to do what it says (Basecamp automation) but it relies on an external MCP server (https://rube.app/mcp) to provide tool schemas and to broker Basecamp OAuth. Before using it: (1) verify and trust the MCP operator and domain (rube.app); (2) confirm how OAuth tokens are handled and whether tokens or request payloads pass through the MCP; (3) prefer completing OAuth directly with Basecamp when possible or review the MCP's privacy/security docs; (4) test in a limited/sandbox Basecamp account with minimal permissions first; (5) avoid adding the MCP endpoint or granting broad scopes unless you understand and accept the risk of a third party mediating your authentication. If you cannot verify the MCP operator, treat this skill as potentially risky.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ajs12s8drh3fmzrg73xww9980njzz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments