ClawHub

bambuddy

v1.0.3

Full integration with a self-hosted Bambuddy instance — the print archive and management system for Bambu Lab 3D printers. Covers printers, real-time status,...

0· 73·0 current·0 all-time
by@zdstudios
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (curl, jq), and required env vars (BAMBUDDY_URL, BAMBUDDY_API_KEY) directly correspond to calling a Bambuddy REST API. No unrelated services, binaries, or config paths are requested.
Instruction Scope
SKILL.md contains explicit curl commands for specific Bambuddy endpoints and instructs using the BAMBUDDY_URL and API key header. It does not instruct reading unrelated files or environment variables or sending data to unexpected endpoints.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is downloaded or written to disk by an installer.
Credentials
Only BAMBUDDY_URL and BAMBUDDY_API_KEY are required, which are the expected minimal inputs for a REST-API integration. The declared primary credential is the API key; this is proportionate to the functionality (which includes controlling printers).
Persistence & Privilege
always is false (good). The skill uses the platform default allowing autonomous invocation (disable-model-invocation: false). This is standard, not a coherence problem, but note that autonomous use combined with a powerful API key could allow actions without an explicit user prompt.
Assessment
This skill appears coherent for managing a Bambuddy server, but it can call endpoints that control printers and create/delete API keys — actions with real-world impact. Before installing: - Only provide a dedicated API key scoped to the minimum permissions needed (prefer read-only if you only want status/archives). - Do not supply a full-admin API key; rotate keys after testing. - Ensure BAMBUDDY_URL points to your internal, access-restricted server (not a public URL). - Consider disabling autonomous invocation (or require confirmation) if you want to prevent the agent from performing control or delete actions without explicit approval. - Audit server logs and monitor API key usage and create restrictive policies (expires_at, printer_ids) for keys the skill might create or use. If you want me to suggest a safe policy for a restricted API key or to extract which endpoints are destructive so you can require confirmation, tell me and I will list them.

Like a lobster shell, security has layers — review code before you run it.

Plugin bundle (nix)
Skill pack · CLI binary · Config
SKILL.mdCLIConfig
Config requirements
Required envBAMBUDDY_URL, BAMBUDDY_API_KEY
latestvk97dhtr04pts6bb2jqevf2mb498415ta

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl, jq
EnvBAMBUDDY_URL, BAMBUDDY_API_KEY
Primary envBAMBUDDY_API_KEY

Config example

Starter config for this plugin bundle.

skills.entries.bambuddy = {
  enabled = true;
  env = {
    BAMBUDDY_URL = "http://localhost:8000";
    BAMBUDDY_API_KEY = "bb_your_key_here";
  };
};

Comments