ClawHub

Bring! Shopping Lists

v1.0.0

Manage your Bring! shopping list by adding, removing, completing items, or checking the current groceries via your Bring! account.

2· 545·0 current·0 all-time
byJohann Zahlmann@zahlmann
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description match the code and declared env vars (BRING_EMAIL, BRING_PASSWORD) and the included bring.py uses the unofficial bring-api library to operate on the user's Bring! lists. One minor mismatch: the registry metadata marks the uv binary as a required binary, but the SKILL.md and README also document a pip installation path that does not need uv — making 'uv' optional in practice. This is a small incoherence but does not change the core functionality.
Instruction Scope
SKILL.md instructs the agent to set BRING_EMAIL/BRING_PASSWORD, run bring.py via uv or pip, and operate only on the default shopping list. The runtime instructions and code limit actions to listing, adding, removing, and completing items and do not direct the agent to read unrelated files, network endpoints, or other credentials.
Install Mechanism
There is no opaque download/install mechanism. The skill is instruction-only (no installer) and provides requirements.txt (bring-api, python-dotenv). These are public Python packages and the code included is readable; nothing is fetched from unknown personal URLs or archives during install.
Credentials
The skill requires only BRING_EMAIL and BRING_PASSWORD (declared and used by the code) which is proportionate to authenticating to Bring!. Note: storing a plaintext account password in env/.env is sensitive but expected for this approach; the skill does not request unrelated credentials.
Persistence & Privilege
No 'always: true' flag is set; the skill does not request persistent system-wide changes or modify other skills. disable-model-invocation is false (agent may invoke autonomously) — this is the platform default and not excessive by itself.
Assessment
This skill appears to do what it says: it uses the bring-api Python package to log into your Bring! account and manage your default shopping list. Before installing: (1) Be comfortable storing BRING_EMAIL and BRING_PASSWORD as environment variables or in a .env file — these are sensitive credentials (consider using an app-specific password if Bring! supports it and avoid reusing your primary password). (2) The metadata marks 'uv' as required, but you can run it with pip and python; you don't have to install uv unless you prefer it. (3) The skill depends on the third-party 'bring-api' package — if you want extra assurance, review that package's repository and history before installing. (4) Prefer setting secrets in a secure store or per-project env rather than globally, and rotate the password if you stop using the skill. Overall, there are no red flags indicating off-purpose behavior, but treat your Bring! password as sensitive and verify the bring-api dependency if you have high security requirements.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bt92pnxk2k1z5pjh1m6z5nn814j71

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsuv
EnvBRING_EMAIL, BRING_PASSWORD
Primary envBRING_EMAIL

Comments