← Back to Skills Marketplace
rabin-thami

Bun Runtime

by rabin-thami · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
2044
Downloads
0
Stars
5
Active Installs
1
Versions
Install in OpenClaw
/install bun-runtime
Description
Bun runtime capabilities for filesystem, process, and network operations. Use when you need to execute Bun-specific operations like Bun.file(), Bun.write(), or Bun.glob() for optimized file handling, or when working with Bun's native process/network APIs. Triggered by requests for Bun runtime features, file operations with Bun, or high-performance I/O tasks.
README (SKILL.md)

Bun Runtime

Native Bun runtime operations for filesystem, process, and network tasks.

When to Use

Use this skill when:

  • Working with Bun's native file APIs (Bun.file(), Bun.write(), Bun.glob())
  • Need optimized I/O operations in Bun environment
  • Running Bun-specific process commands
  • Making network requests with Bun's fetch

Filesystem Operations

Read File

scripts/bun-fs.sh read /path/to/file.txt

Returns JSON: {"content": "file contents"}

Write File

scripts/bun-fs.sh write /path/to/file.txt "content here"

Creates parent directories automatically. Returns JSON: {"written": true, "path": "/path/to/file.txt"}

Glob Files

scripts/bun-glob.sh "/tmp/*.txt"

Returns JSON: {"files": ["/tmp/file1.txt", "/tmp/file2.txt"], "count": 2}

Process Operations

Execute Command

scripts/bun-process.sh "ls -la"

Runs shell command and returns output.

Network Operations

HTTP Request

scripts/bun-fetch.sh "https://api.example.com" "GET"

Makes HTTP request using Bun's native fetch.

Notes

  • All scripts use Bun's native APIs for better performance
  • File operations automatically handle encoding
  • Errors are returned with clear messages
Usage Guidance
This skill appears to implement the Bun operations it advertises, but there are practical and safety issues you should consider before installing: (1) The metadata does not declare that the 'bun' binary is required — ensure 'bun' is installed and available in PATH or the scripts will fail. (2) bun-process.sh runs arbitrary shell commands via eval and then interpolates their output into a bun -e invocation without escaping — this is fragile and can lead to command injection or broken output/JSON. (3) bun-fetch.sh allows arbitrary URLs and bodies; it can be used to exfiltrate data if the agent is given sensitive paths or content. (4) Inputs are not sanitized/escaped in several places (single-quote interpolation into JS strings), which can break behavior or enable injection. Recommended actions: only install if you trust the source; update the skill metadata to declare 'bun' as a required binary; review and harden the scripts (avoid eval, properly escape user inputs, restrict allowed commands or network destinations if possible); and test in a sandboxed environment before use.
Capability Analysis
Type: OpenClaw Skill Name: bun-runtime Version: 1.0.0 This skill is classified as suspicious due to the presence of extremely broad and dangerous capabilities, coupled with severe command injection vulnerabilities. The `scripts/bun-process.sh` file explicitly uses `eval "$COMMAND"`, allowing arbitrary shell command execution on the host system. Additionally, `scripts/bun-fetch.sh` and `scripts/bun-fs.sh` are vulnerable to command injection through unescaped string interpolation into `bun -e` commands, enabling arbitrary JavaScript execution within the Bun runtime. While the `SKILL.md` documents these powerful capabilities, the implementation flaws and the inherent risk of arbitrary command execution make this skill highly exploitable for malicious activities like data exfiltration or system compromise, even without explicit malicious intent from the author.
Capability Assessment
Purpose & Capability
The skill claims Bun runtime capabilities (filesystem, process, network) which matches the scripts, but the metadata lists no required binaries or environment variables while all runtime scripts invoke the 'bun' executable. The package should declare 'bun' as a required binary; omitting it is an inconsistency that could mislead users about runtime requirements.
Instruction Scope
SKILL.md directs the agent to run the included scripts for read/write/glob/fetch/command execution. Those scripts permit arbitrary network requests (bun-fetch.sh) and arbitrary shell command execution (bun-process.sh via eval) and do not sanitize or escape inputs. Allowing unrestricted commands/URLs is expected for a general-purpose process/fetch tool but increases risk and should be explicit and limited.
Install Mechanism
There is no install spec (instruction-only), which minimizes installation risk. However, the presence of executable scripts means runtime relies on system state (presence of 'bun'), and no install-time checks or documentation in metadata assert that dependency.
Credentials
The skill requests no environment variables or credentials, which is appropriate given its stated purpose. The scripts operate on paths/URLs provided at runtime rather than requiring secrets.
Persistence & Privilege
The skill is not forced always-on (always:false) and is user-invocable; autonomous invocation is allowed by default but not combined with persistent privileges. Nothing in the skill requests system-wide persistence or modifies other skills' configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install bun-runtime
  3. After installation, invoke the skill by name or use /bun-runtime
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Version 1.0.0 - Initial release of the bun-runtime skill. - Provides native Bun operations for filesystem (read, write, glob), process commands, and network requests. - Scripts utilize Bun APIs for optimized performance and I/O tasks. - Automatically manages file encodings and directory creation. - Returns clear, JSON-formatted results and error messages.
Metadata
Slug bun-runtime
Version 1.0.0
License
All-time Installs 5
Active Installs 5
Total Versions 1
Frequently Asked Questions

What is Bun Runtime?

Bun runtime capabilities for filesystem, process, and network operations. Use when you need to execute Bun-specific operations like Bun.file(), Bun.write(), or Bun.glob() for optimized file handling, or when working with Bun's native process/network APIs. Triggered by requests for Bun runtime features, file operations with Bun, or high-performance I/O tasks. It is an AI Agent Skill for Claude Code / OpenClaw, with 2044 downloads so far.

How do I install Bun Runtime?

Run "/install bun-runtime" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Bun Runtime free?

Yes, Bun Runtime is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Bun Runtime support?

Bun Runtime is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Bun Runtime?

It is built and maintained by rabin-thami (@rabin-thami); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments