Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (automate CMDB test-environment release) aligns with the runtime instructions: open the CMDB URL, locate an app, pick the fixed branch/environment, fill description, and submit. Nothing in the skill asks for unrelated cloud credentials, system files, or tools.
Instruction Scope
Instructions ask the agent to use a browser tool to open the CMDB URL and, if necessary, perform a user login and interact with UI elements to submit a release. This is within the skill's purpose, but it implies the agent may act using the user's saved web-session or perform UI-driven changes in the user's real CMDB account — so callers should ensure the agent only acts with explicit user authorization and verifies the target app before submitting.
Install Mechanism
No install spec and no code files are present (instruction-only). There is no download or package installation, which keeps disk-write/execute risk minimal.
Credentials
The skill declares no required environment variables, credentials, or config paths. It expects a browser session and the user’s CMDB account for login; these are proportional to a web-UI automation release task.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes. Autonomous invocation is allowed (platform default); combined with the ability to act in the user's CMDB account this means the agent could perform releases autonomously if invoked, so users should control invocation scope and confirmations.
Assessment
This skill appears coherent for automating test-environment releases, but before installing: (1) confirm the skill will always ask you to confirm the target app and final submit (avoid silent automated releases); (2) understand it will use your browser session or prompt you to log in—ensure credentials or session cookies are only stored/used in a place you trust and that 2FA is enabled on your CMDB account; (3) run it first in a safe/test account or for a non-critical app to observe behavior; (4) verify the CMDB URL matches your organization’s official site; and (5) restrict who can invoke the skill (keep it user-invocable and avoid granting it broad autonomous triggers).Like a lobster shell, security has layers — review code before you run it.
latestvk974x0tdpy8ggxm7fwbp9whytx83kqcg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.