Senior Devops
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: senior-devops Version: 2.1.1 The skill bundle is a boilerplate template for DevOps automation. The included Python scripts (deployment_manager.py, pipeline_generator.py, and terraform_scaffolder.py) are functional stubs that perform basic path validation and print status messages without executing any actual deployment or infrastructure logic. The documentation and SKILL.md instructions are consistent with the stated purpose and contain no evidence of malicious intent, data exfiltration, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If similar commands are run against real systems, they could change or roll back production deployments.
The documented workflow includes production deployment commands, which are high-impact DevOps actions even though they are aligned with the skill's stated purpose and are presented as user-run examples.
python scripts/deployment_manager.py deploy \ --env=staging|production \ --image=app:1.2.3 \ --strategy=blue-green|rolling
Use explicit user approval, test in staging first, review generated commands or pipeline changes, and ensure cloud/IAM permissions are narrowly scoped.
A user may rely on the skill for DevOps automation or safety checks that the supplied scripts do not actually perform.
The bundled script appears to be a placeholder that reports success without implementing the advertised pipeline generation behavior, so users could over-trust the skill's capability claims.
# Main logic here
self.results['status'] = 'success'
self.results['target'] = str(self.target_path)
self.results['findings'] = []Treat the scripts as unverified scaffolding, inspect and test them before use, and do not rely on the advertised deploy, rollback, or Terraform behavior until it is actually implemented.