Agentstead Deploy
Review
Audited by ClawScan on May 10, 2026.
Overview
The visible artifacts are a coherent AgentStead deployment helper, but users should notice that it runs a local Bash helper, uses AgentStead credentials/tokens, and can activate paid subscriptions.
Install/use this skill only if you trust AgentStead and intend to deploy hosted agents. Review the Bash helper before running it, confirm any paid subscription step before execution, use least-privilege bot tokens, and remove or revoke $HOME/.agentstead-token when you no longer need it.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the wrong command or using the wrong agent ID/cost could create hosted resources or spend ASTD wallet funds.
The helper can perform high-impact AgentStead account operations, including activating a subscription that deducts wallet balance. This is disclosed and aligned with deployment, but it can affect billing.
### 3. Activate subscription (deduct ASTD from wallet)
/tmp/agentstead-deploy.sh subscribe "agent-uuid-here" 900
Only run subscription/start/configuration commands after confirming the target agent, selected plan, and expected cost.
Anyone who obtains the saved token may be able to manage the user's AgentStead agents until the token is revoked or removed.
The helper handles AgentStead login credentials and persists an auth token. This is expected for managing an AgentStead account, but it is sensitive authority.
local email="${1:-$AGENTSTEAD_EMAIL}" password="${2:-$AGENTSTEAD_PASSWORD}" ... echo "$token" > "$TOKEN_FILE" ... chmod 600 "$TOKEN_FILE"
Prefer interactive password entry, avoid storing passwords in shell history, protect the token file, and remove or revoke the token when finished.
The local helper will execute curl/jq commands from the user's machine and should be trusted before use.
The skill instructs the user to create and execute a local Bash script. The script is visible in the artifact and purpose-aligned, but it still runs local shell commands and handles credentials.
cat > /tmp/agentstead-deploy.sh << 'SCRIPT' ... chmod +x /tmp/agentstead-deploy.sh
Inspect the script before running it and consider saving it in a private user-owned directory instead of /tmp.
A connected bot token may let the hosted agent send or receive messages in the linked chat service according to that bot's permissions.
The channel setup sends Telegram/Discord-style bot tokens to AgentStead so hosted agents can communicate through those channels. This is expected for the feature, but it crosses a service boundary.
cmd_channel() { ... bot_token="$3" ... '{type: $t, config: {botToken: $bt}}' ... "$API/agents/$agent_id/channels"
Use dedicated bot tokens with minimal permissions and revoke them if the AgentStead deployment is no longer needed.
Users may have less assurance that the skill was published by the service it integrates with.
The registry provenance is limited even though the skill asks the user to run a helper and enter AgentStead credentials. The visible helper targets AgentStead, but users should still verify trust before use.
Source: unknown
Homepage: none
No install spec — this is an instruction-only skill.
Verify the AgentStead domain and publisher before entering credentials or running the helper.
