ClawHub

Render

v1.0.0

Render cloud platform — manage services, deployments, databases, environment groups, and custom domains via the Render API. Deploy web services, static sites...

0· 363·2 current·2 all-time
by@aiwithabidi
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and primary credential (RENDER_API_KEY) align with a Render API integration. The CLI uses only Python stdlib as claimed. However, the script also consults a WORKSPACE env and a ~/.openclaw/workspace/.env file as a fallback for the token — this behavior is not documented in SKILL.md and extends the skill's local file access surface.
!
Instruction Scope
SKILL.md instructs running scripts/render.py and says data is sent only to Render, but it omits that the script will attempt to read a local .env file under the workspace path to find RENDER_API_KEY. Reading local workspace files (even only to extract this token) is scope creep relative to the instructions and should be disclosed.
Install Mechanism
No install spec (instruction-only with a single script); nothing is downloaded or written to disk by an installer, which minimizes installation risk.
!
Credentials
The declared required env var is only RENDER_API_KEY (appropriate). But the code also uses an undocumented WORKSPACE env to locate ~/.openclaw/workspace/.env and will read that file if present. That file may contain other secrets; although the script only extracts RENDER_API_KEY, reading a .env file increases the chance of accidental exposure and is not declared in requires.env.
Persistence & Privilege
always is false, there is no evidence the skill persists itself or modifies other skills or system-wide settings. It runs as a CLI and exits; no elevated persistence requested.
Scan Findings in Context
[reads_local_env_file] unexpected: scripts/render.py will open a local file at ${WORKSPACE:-~/.openclaw/workspace}/.env and parse it to extract RENDER_API_KEY. The SKILL.md does not document this fallback file read. Reading local dotfiles is not strictly necessary if the user supplies RENDER_API_KEY as an environment variable and is unexpected behavior for an API client described as 'never stores data locally.'
[undocumented_WORKSPACE_env_usage] unexpected: The script reads an environment variable WORKSPACE to locate the fallback .env. WORKSPACE is not declared in requires.env or documented; its presence changes the file-read behavior.
[inconsistent_api_paths] expected: The script uses a variety of endpoint paths (e.g., /service/create, /service/get, /deploy/rollback) that look inconsistent. This is likely sloppy coding rather than malicious, but it may cause runtime errors or indicate the script was adapted without correctness checks.
What to consider before installing
This skill is generally coherent with a Render API client, but be aware it will try to read a local .env file at ${WORKSPACE:-~/.openclaw/workspace}/.env to find RENDER_API_KEY if the env var is not set — this is not documented in SKILL.md. Before installing: (1) set RENDER_API_KEY explicitly in your environment rather than relying on a workspace .env file; (2) inspect any ~/.openclaw/workspace/.env file contents and remove other secrets you don't want scripts to read; (3) consider running the script in a controlled environment or review/modify the get_token() fallback to remove the .env read if you prefer it not access local files. If the undocumented fallback is acceptable and you supply only the Render API key, the risk is limited; if you store other sensitive vars in the workspace .env, don't install this skill without code changes.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🚀 Clawdis
EnvRENDER_API_KEY
Primary envRENDER_API_KEY
latestvk972ymtrpmgxtts0jvtrks2hgd82cgp9
363downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@aiwithabidi
latest
Download

🚀 Render

Render cloud platform — manage services, deployments, databases, environment groups, and custom domains via the Render API.

Features

  • Service management — web services, static sites, cron jobs
  • Deployment tracking — deploy history, rollbacks, status
  • Database management — PostgreSQL provisioning and management
  • Environment variables — manage env vars and env groups
  • Custom domains — add and configure custom domains
  • Auto-deploy — trigger deploys from API
  • Scaling — manage instance count and plan
  • Logs — access service logs
  • Bandwidth metrics — monitor usage and costs
  • Blueprint sync — infrastructure as code

Requirements

VariableRequiredDescription
RENDER_API_KEYAPI key/token for Render

Quick Start

# List services
python3 {baseDir}/scripts/render.py services --limit 20

# Get service details
python3 {baseDir}/scripts/render.py service-get srv-abc123

# Create a service
python3 {baseDir}/scripts/render.py service-create '{"type":"web_service","name":"my-api","repo":"https://github.com/user/repo","branch":"main","runtime":"python"}'

# List deployments
python3 {baseDir}/scripts/render.py deploys --service srv-abc123 --limit 10

Commands

services

List services.

python3 {baseDir}/scripts/render.py services --limit 20

service-get

Get service details.

python3 {baseDir}/scripts/render.py service-get srv-abc123

service-create

Create a service.

python3 {baseDir}/scripts/render.py service-create '{"type":"web_service","name":"my-api","repo":"https://github.com/user/repo","branch":"main","runtime":"python"}'

deploys

List deployments.

python3 {baseDir}/scripts/render.py deploys --service srv-abc123 --limit 10

deploy

Trigger a deploy.

python3 {baseDir}/scripts/render.py deploy --service srv-abc123

deploy-rollback

Rollback to previous deploy.

python3 {baseDir}/scripts/render.py deploy-rollback --service srv-abc123 --deploy dep-xyz

databases

List databases.

python3 {baseDir}/scripts/render.py databases

database-create

Create PostgreSQL database.

python3 {baseDir}/scripts/render.py database-create '{"name":"my-db","plan":"starter"}'

env-vars

List environment variables.

python3 {baseDir}/scripts/render.py env-vars --service srv-abc123

env-set

Set environment variable.

python3 {baseDir}/scripts/render.py env-set --service srv-abc123 "DATABASE_URL" "postgres://..."

env-delete

Delete environment variable.

python3 {baseDir}/scripts/render.py env-delete --service srv-abc123 DATABASE_URL

domains

List custom domains.

python3 {baseDir}/scripts/render.py domains --service srv-abc123

domain-add

Add custom domain.

python3 {baseDir}/scripts/render.py domain-add --service srv-abc123 api.example.com

logs

Get service logs.

python3 {baseDir}/scripts/render.py logs --service srv-abc123 --limit 100

suspend

Suspend a service.

python3 {baseDir}/scripts/render.py suspend --service srv-abc123

Output Format

All commands output JSON by default. Add --human for readable formatted output.

# JSON (default, for programmatic use)
python3 {baseDir}/scripts/render.py services --limit 5

# Human-readable
python3 {baseDir}/scripts/render.py services --limit 5 --human

Script Reference

ScriptDescription
{baseDir}/scripts/render.pyMain CLI — all Render operations

Data Policy

This skill never stores data locally. All requests go directly to the Render API and results are returned to stdout. Your data stays on Render servers.

Credits

Built by M. Abidi | agxntsix.ai YouTube | GitHub Part of the AgxntSix Skill Suite for OpenClaw agents.

📅 Need help setting up OpenClaw for your business? Book a free consultation

Comments

Loading comments...