Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Senior Devops
v2.1.1Comprehensive DevOps skill for CI/CD, infrastructure automation, containerization, and cloud platforms (AWS, GCP, Azure). Includes pipeline setup, infrastruc...
⭐ 7· 3.9k·23 current·23 all-time
byAlireza Rezvani@alirezarezvani
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name/description claim comprehensive CI/CD, Terraform, and cloud deployments (AWS/GCP/Azure). However, the three included Python scripts are simple scaffolding/placeholders that only validate a path, produce an empty 'findings' list, and print a report — they do not implement Terraform, AWS/GCP/Azure SDK/CLI calls, container orchestration, or actual pipeline generation. The declared requirements list no cloud credentials or binaries (terraform, aws, kubectl, docker), which is inconsistent with the described capabilities.
Instruction Scope
SKILL.md instructs running the included scripts and provides examples that show terraform validate/plan, aws ecs update-service, Docker build/push, and Kubernetes blue/green deployment YAML. Those examples will require external CLIs/credentials in practice, but the runtime instructions do not request those env vars or explain prerequisites. The README examples could mislead users into thinking the scripts perform those actions when the current script implementations do not.
Install Mechanism
No install spec is present and the skill is instruction-only with bundled scripts and docs. Nothing will be downloaded from external URLs during install, so there is low install-time risk. The included Python files are local and human-readable.
Credentials
The skill declares no required environment variables or primary credential despite providing examples that would normally require AWS/GCP/Azure credentials and CLI tools. This omission is an inconsistency: a legitimate DevOps skill that performs cloud operations would normally require and document credentials and local tooling prerequisites.
Persistence & Privilege
The skill is not force-included (always:false) and does not request persistent system-wide privileges. It does not modify other skills' configs or request elevated presence. Autonomous invocation remains enabled by default (normal), but there are no additional privilege requests.
What to consider before installing
This skill appears to overpromise: the README and examples describe full cloud CI/CD and infra actions, but the shipped scripts are simple placeholders that only validate a target path and print reports. Before installing or using it in production: 1) Review the three Python files yourself — they are short and local; verify whether they implement the cloud/terraform logic you need. 2) Do not run these scripts against production environments until you confirm what they do; run in a sandbox. 3) If you expect real AWS/GCP/Azure or terraform operations, require the author to document prerequisites (AWS creds, terraform, kubectl, docker) and to add explicit env var handling and safety checks. 4) Prefer skills from a known, trusted source and ask the publisher for a changelog or proof of implementation. If you want, I can (a) list the exact code locations to inspect for hidden network calls or credential usage, or (b) produce a checklist of minimal tests to validate the skill safely.Like a lobster shell, security has layers — review code before you run it.
ci/cdvk97cwfktjdxn972pbq8thd8s85807yg7devopsvk97cwfktjdxn972pbq8thd8s85807yg7engineeringvk97cwfktjdxn972pbq8thd8s85807yg7latestvk9783e9vaxqgp6pcharxt284an82j1y5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.