ClawHub

Bitbucket Toolbox

v1.1.2

Bitbucket Cloud wrapper optimized for Pull Request Code Analysis. Enables the agent to securely review Pull Requests, split large diffs by file, review code...

0· 100·0 current·0 all-time
by@zan768616253
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Bitbucket PR review) match the declared requirements: only curl, python3, BITBUCKET_API_TOKEN, and BITBUCKET_WORKSPACE are required. All required items are appropriate for a Bitbucket read-only wrapper.
Instruction Scope
SKILL.md explicitly limits the agent to read-only operations and prescribes using diffstat before fetching large diffs. The included script implements only HTTPS GET requests to the Bitbucket API and performs input validation; instructions do not request irrelevant system data or broad access.
Install Mechanism
No remote install or downloads are performed (instruction-only skill with an included bash script). No third-party URLs, package installs, or archive extraction are present.
Credentials
The skill requests only two environment variables (BITBUCKET_API_TOKEN and BITBUCKET_WORKSPACE), which are proportional. Minor inconsistency: registry metadata lists no primary credential while the script requires BITBUCKET_API_TOKEN — this is a documentation/metadata gap rather than a functional risk.
Persistence & Privilege
Skill does not request permanent/always-on presence (always:false) and does not attempt to modify other skills or system configuration. It operates only when invoked.
Assessment
This skill appears to do exactly what it says: read-only Bitbucket PR and repo browsing via a bundled bash script. Before installing, ensure the BITBUCKET_API_TOKEN you provide is scoped to read-only access for Repositories and Pull Requests and stored securely (e.g., secrets manager). Review the bundled bb-cli.sh to confirm it will run in your environment (it uses curl and python3 and only calls https://api.bitbucket.org). Also fix the minor metadata gap (no primary credential listed) if you rely on tooling that expects primaryEnv to be set.

Like a lobster shell, security has layers — review code before you run it.

latestvk97em3c4x0zzq4a99ajgtjg6a583n1pn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛠️ Clawdis
Binscurl, python3
EnvBITBUCKET_API_TOKEN, BITBUCKET_WORKSPACE

Comments