ClawHub

Agentstead Deploy

v1.4.1

Deploy OpenClaw AI agents to AgentStead cloud hosting. Use when a user wants to deploy a sub-agent on AgentStead, connect Telegram/Discord, and launch quickl...

0· 395·0 current·0 all-time
byAgentstead@angusmolt
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, declared capabilities (http, exec), and network permission (agentstead.com) line up with the SKILL.md helper script which calls https://www.agentstead.com/api to create/configure/start/stop agents and add channels. The operations (login, create, configure, channel, start/stop, subscribe) are coherent with a deployment/hosting skill.
Instruction Scope
Instructions provide a concrete helper script written to /tmp and use curl/jq to call only AgentStead API endpoints. The script stores an auth token at $HOME/.agentstead-token and reads it for subsequent calls—this is expected for a hosted-service deploy tool. It will accept third‑party bot tokens when adding channels (Telegram/Discord), so users must supply those secrets themselves.
Install Mechanism
There is no install spec (instruction-only). The skill writes a helper script via heredoc into /tmp and marks it executable; this is a low-risk, transparent action but will create files on the user's machine. No downloads from untrusted URLs or package installs are performed.
Credentials
The skill metadata declares no required env vars, but the SKILL.md recommends AGENTSTEAD_EMAIL and AGENTSTEAD_PASSWORD as convenient alternatives to interactive login. That mismatch (declared none vs. actual optional env usage) should be noted. The only credentials the script handles are the AgentStead login and any third‑party bot tokens the user provides for channels—both relevant to the skill's purpose.
Persistence & Privilege
The skill is not always:true and is user-invocable. It persists an auth token to $HOME/.agentstead-token (file perms set to 600) for session use; this is expected for a CLI helper. The skill does not request system-wide or other-skills' configuration.
Assessment
This skill appears to do what it says: it installs (writes) a small helper script that calls AgentStead's API and stores an auth token in ~/.agentstead-token. Before installing/use: 1) Verify you trust https://agentstead.com (review their site and API docs). 2) Inspect the helper script text in SKILL.md (it is included) to confirm no unexpected hosts or commands. 3) Be cautious when supplying third‑party bot tokens (Telegram/Discord); provide tokens only when needed and consider using dedicated/test accounts. 4) Note the metadata did not list AGENTSTEAD_EMAIL/AGENTSTEAD_PASSWORD even though the instructions reference them—expect interactive login if you don't set env vars. 5) Remove ~/.agentstead-token when finished if you don't want a persistent token. If you want higher assurance, ask the publisher for a reproducible install (signed release) or for documentation linking to official AgentStead developer docs.

Like a lobster shell, security has layers — review code before you run it.

latestvk975dyaxrst57x9r6m9gn5bjbh8351d8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

AgentStead Deploy Skill

Deploy and manage AI agents on AgentStead cloud hosting.

Prerequisites

  • An AgentStead account (sign up at https://agentstead.com/signup)
  • curl and jq installed (standard on most systems)
  • An auth token from logging in

Authentication

First, log in to get an auth token. The skill provides a helper script that safely handles credentials:

# Save the deploy helper script
cat > /tmp/agentstead-deploy.sh << 'SCRIPT'
#!/bin/bash
# AgentStead Deploy Helper — handles JSON escaping safely
set -e

API="https://www.agentstead.com/api"
TOKEN_FILE="$HOME/.agentstead-token"

cmd_login() {
  local email="${1:-$AGENTSTEAD_EMAIL}" password="${2:-$AGENTSTEAD_PASSWORD}"
  if [ -z "$email" ]; then
    read -p "Email: " email
  fi
  if [ -z "$password" ]; then
    read -sp "Password: " password
    echo
  fi
  local body
  body=$(jq -n --arg e "$email" --arg p "$password" '{email: $e, password: $p}')
  local resp
  resp=$(curl -s -X POST "$API/auth/login" -H "Content-Type: application/json" -d "$body")
  local token
  token=$(echo "$resp" | jq -r '.token // empty')
  if [ -z "$token" ]; then
    echo "ERROR: Login failed — $(echo "$resp" | jq -r '.error // "unknown error"')" >&2
    return 1
  fi
  echo "$token" > "$TOKEN_FILE"
  chmod 600 "$TOKEN_FILE"
  echo "OK: Logged in successfully"
}

cmd_create() {
  local name="$1" plan="${2:-STARTER}" ai_plan="${3:-PAYG}" model="${4:-SONNET}"
  local token
  token=$(cat "$TOKEN_FILE" 2>/dev/null) || { echo "ERROR: Not logged in" >&2; return 1; }
  local body
  body=$(jq -n \
    --arg name "$name" \
    --arg plan "$plan" \
    --arg aiPlan "$ai_plan" \
    --arg model "$model" \
    '{name: $name, plan: $plan, aiPlan: $aiPlan, defaultModel: $model}')
  curl -s -X POST "$API/agents" \
    -H "Content-Type: application/json" \
    -H "x-cognito-id: $(cat "$TOKEN_FILE")" \
    -d "$body" | jq .
}

cmd_configure() {
  local agent_id="$1" personality="$2"
  local token
  token=$(cat "$TOKEN_FILE" 2>/dev/null) || { echo "ERROR: Not logged in" >&2; return 1; }
  local body
  body=$(jq -n --arg p "$personality" '{personality: $p}')
  curl -s -X PATCH "$API/agents/$agent_id" \
    -H "Content-Type: application/json" \
    -H "x-cognito-id: $(cat "$TOKEN_FILE")" \
    -d "$body" | jq .
}

cmd_channel() {
  local agent_id="$1" type="$2" bot_token="$3"
  local token
  token=$(cat "$TOKEN_FILE" 2>/dev/null) || { echo "ERROR: Not logged in" >&2; return 1; }
  local body
  body=$(jq -n --arg t "$type" --arg bt "$bot_token" '{type: $t, config: {botToken: $bt}}')
  curl -s -X POST "$API/agents/$agent_id/channels" \
    -H "Content-Type: application/json" \
    -H "x-cognito-id: $(cat "$TOKEN_FILE")" \
    -d "$body" | jq .
}

cmd_start() {
  local agent_id="$1"
  local token
  token=$(cat "$TOKEN_FILE" 2>/dev/null) || { echo "ERROR: Not logged in" >&2; return 1; }
  curl -s -X POST "$API/agents/$agent_id/start" \
    -H "Content-Type: application/json" \
    -H "x-cognito-id: $(cat "$TOKEN_FILE")" | jq .
}

cmd_stop() {
  local agent_id="$1"
  local token
  token=$(cat "$TOKEN_FILE" 2>/dev/null) || { echo "ERROR: Not logged in" >&2; return 1; }
  curl -s -X POST "$API/agents/$agent_id/stop" \
    -H "Content-Type: application/json" \
    -H "x-cognito-id: $(cat "$TOKEN_FILE")" | jq .
}

cmd_list() {
  local token
  token=$(cat "$TOKEN_FILE" 2>/dev/null) || { echo "ERROR: Not logged in" >&2; return 1; }
  curl -s "$API/agents" \
    -H "x-cognito-id: $(cat "$TOKEN_FILE")" | jq '.agents[] | {id, name, status, plan, aiPlan, defaultModel}'
}

cmd_subscribe() {
  local agent_id="$1" astd_cost="$2"
  local token
  token=$(cat "$TOKEN_FILE" 2>/dev/null) || { echo "ERROR: Not logged in" >&2; return 1; }
  local body
  body=$(jq -n --argjson cost "$astd_cost" '{planAstdCost: $cost}')
  curl -s -X POST "$API/agents/$agent_id/subscribe-astd" \
    -H "Content-Type: application/json" \
    -H "x-cognito-id: $(cat "$TOKEN_FILE")" \
    -d "$body" | jq .
}

case "$1" in
  login)     cmd_login "$2" "$3" ;;
  create)    cmd_create "$2" "$3" "$4" "$5" ;;
  configure) cmd_configure "$2" "$3" ;;
  channel)   cmd_channel "$2" "$3" "$4" ;;
  start)     cmd_start "$2" ;;
  stop)      cmd_stop "$2" ;;
  list)      cmd_list ;;
  subscribe) cmd_subscribe "$2" "$3" ;;
  *) echo "Usage: agentstead-deploy.sh {login|create|configure|channel|start|stop|list|subscribe}" ;;
esac
SCRIPT
chmod +x /tmp/agentstead-deploy.sh

Usage

1. Log in

# Option A: Use environment variables (recommended)
export AGENTSTEAD_EMAIL="user@example.com"
export AGENTSTEAD_PASSWORD="password123"
/tmp/agentstead-deploy.sh login

# Option B: Interactive prompts (password hidden)
/tmp/agentstead-deploy.sh login

# Option C: Pass email only, prompt for password
/tmp/agentstead-deploy.sh login "user@example.com"

2. Create an agent

# Args: name, hardware_plan, ai_plan, default_model
/tmp/agentstead-deploy.sh create "My Agent" "STARTER" "PAYG" "SONNET"

Hardware plans: STARTER ($9/mo), PRO ($29/mo), BUSINESS ($59/mo), ENTERPRISE ($99/mo)

AI plans: BYOK (bring your own key), PAYG (pay-as-you-go from ASTD wallet), ASTD_1000–ASTD_10000

Models (AgentStead Provided):

  • Anthropic: HAIKU, SONNET, OPUS
  • AWS Bedrock: BEDROCK_HAIKU, BEDROCK_SONNET, BEDROCK_OPUS, BEDROCK_HAIKU45, BEDROCK_NOVA_PRO, BEDROCK_NOVA_LITE, BEDROCK_NOVA_MICRO, BEDROCK_LLAMA4_MAVERICK, BEDROCK_LLAMA33_70B, BEDROCK_DEEPSEEK_R1, BEDROCK_MISTRAL_LARGE, BEDROCK_COMMAND_R_PLUS
  • Ollama (free): DEEPSEEK_V3, QWEN3, LLAMA4, GEMMA3, MISTRAL_LARGE, GLM5, KIMI_K2, MINIMAX

3. Activate subscription (deduct ASTD from wallet)

# Args: agent_id, astd_cost (900=Starter, 2900=Pro, 5900=Business, 9900=Enterprise)
/tmp/agentstead-deploy.sh subscribe "agent-uuid-here" 900

4. Set personality

/tmp/agentstead-deploy.sh configure "agent-uuid-here" "You are a helpful coding assistant specializing in Python."

5. Add a channel (Telegram, Discord, WhatsApp, Slack)

/tmp/agentstead-deploy.sh channel "agent-uuid-here" "TELEGRAM" "123456:ABC-DEF..."

6. Start the agent

/tmp/agentstead-deploy.sh start "agent-uuid-here"

7. List agents

/tmp/agentstead-deploy.sh list

8. Stop an agent

/tmp/agentstead-deploy.sh stop "agent-uuid-here"

Security

  • All user input is passed through jq for safe JSON encoding — never interpolated directly into shell commands
  • Auth tokens are stored in $HOME/.agentstead-token with 600 permissions (owner-only read)
  • Credentials are read from environment variables or interactive prompts — never passed as CLI arguments
  • All API calls use HTTPS
  • Network access is restricted to agentstead.com only

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…