Multi-Agent Deployment Skill for OpenClaw
ReviewAudited by ClawScan on May 10, 2026.
Overview
This looks like a real deployment helper, but it can create recurring agents, shared persistent memory, and privileged VPS changes, so it needs careful review before use.
Before using this skill, review the scripts, run them in a staging environment, back up openclaw.json and VPS data, use least-privilege credentials, define strict SOUL/tool limits for each agent, and keep cron jobs disabled until approval gates and monitoring are in place.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Agents could run on a schedule and take tool-enabled actions while the user is not actively supervising.
The skill explicitly tells users to enable scheduled agent runs. This is persistent autonomous behavior, and the artifacts do not include a clear uninstall, disable, rollback, or per-run approval plan.
Add to your `cron/jobs.json` for each agent: ... "enabled": true
Enable schedules only after defining tool limits and approval gates. Add a kill switch, monitoring, and rollback steps before using this in production.
A misleading or injected memory entry from one agent could influence other agents across future sessions.
The script copies Cross-Agent Intel from all selected agents into every agent's memory file without validation or approval. This can persist and propagate bad instructions or poisoned context across the fleet.
combined = "\n\n".join(intel_parts) ... write_section(path, "Cross-Agent Intel", combined)
Treat synced memory as untrusted input, review changes before syncing, keep backups, and restrict Cross-Agent Intel to factual summaries rather than instructions.
Existing agents or routing settings could be removed or broken, especially if followed by the deployment script's container restart.
When writing to an existing openclaw.json, the script replaces the whole agent list rather than merging or backing it up. A bad generated config could affect all configured agents.
existing["agents"]["list"] = config["agents"]["list"] ... json.dump(config, f, indent=2)
Back up openclaw.json, preview a diff before writing, test in staging, and prefer merge behavior over full replacement.
Running the script can change remote files and cause OpenClaw service downtime.
The deployment script uses an SSH key to modify a remote VPS and restart the OpenClaw Docker container. This is disclosed and purpose-aligned, but it is a powerful operation.
# Usage: bash deploy.sh --vps root@your-vps-ip --key ~/.ssh/your_key ... $SSH "docker restart $CONTAINER"
Review the script first, use a least-privilege SSH account instead of root when possible, confirm the target container, and keep a VPS backup.
Misconfigured or over-privileged keys could allow unwanted model usage, remote file changes, or service restarts.
The skill requires provider and VPS access. This is expected for its deployment purpose, but users should notice that these credentials grant meaningful authority.
- OpenRouter API key (for model routing) - SSH access to your VPS
Use scoped API keys and dedicated SSH credentials, avoid root where possible, and rotate credentials if they are exposed.