📦 Bitbucket — 浏览/评审代码

v1.0.2

一键浏览 Bitbucket Cloud 仓库、查看 PR、审阅 diff、切换分支，让代码评审与协作更高效。

0· 160·0 当前·0 累计

by @pejovicvuk (Vuk Pejović)

开发工具云服务 API工具

下载技能包

最后更新

2026/3/31

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

NULL

评估建议

This skill is coherent and implements a read-only Bitbucket Cloud explorer. Before installing: 1) Use a dedicated Bitbucket API token scoped to Repositories: Read and Pull requests: Read (do not reuse broader tokens). 2) Run the skill on an isolated gateway or container — the script supplies credentials to curl with -u "email:token", which can expose credentials in process listings on some hosts. If that is a concern, consider mitigating (run in an ephemeral container, restrict access to the hos...

详细分析 ▾

✓ 用途与能力

Name/description match the code and SKILL.md. The script and instructions only reference Bitbucket Cloud APIs and require ATLASSIAN_EMAIL, BITBUCKET_API_TOKEN, and BITBUCKET_WORKSPACE, which are appropriate for a Bitbucket read-only client.

ℹ 指令范围

Instructions are narrowly scoped to Bitbucket read-only exploration and explain available commands. One operational security note: the script passes credentials to curl with -u "user:token"; on some host systems that can expose credentials in process listings (ps) while the command runs. The SKILL.md does not warn about that; consider running the gateway in an isolated environment or using a method that limits exposure.

✓ 安装机制

No install spec (instruction-only skill) and the only shipped code is a single bash script. No downloads from external URLs or package installs are performed by the skill itself.

ℹ 凭证需求

The three required environment variables are expected and necessary for Bitbucket API access. The SKILL.md explicitly asks for a read-only-scoped API token, which is proportionate. Minor inconsistency: registry metadata lists no primary credential even though BITBUCKET_API_TOKEN is the main secret used — not a functional problem but worth noting for catalog accuracy.

✓ 持久化与权限

always is false and the skill does not request any elevated persistence or system-wide changes. Autonomous invocation is allowed (platform default) and appropriate for this type of skill.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.22026/3/24

NULL

● 无害

安装命令

点击复制

官方npx clawhub@latest install atlassian-bitbucket

镜像加速npx clawhub@latest install atlassian-bitbucket --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库