Deploy Tool

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This looks like a local logging tool rather than a real PHP deployment tool; it stores entries on your computer and shows no external network or credential use.

Install only if you want a simple local deployment activity logger. It does not appear to perform real deployments, and you should avoid entering secrets or sensitive operational details into its logs.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Low
What this means

A user may expect actual deployment/provisioning features, but the tool appears to only store notes and history locally.

Why it was flagged

The advertised deployment-tool framing does not match the documented behavior, which is local logging/tracking rather than deploying PHP applications.

Skill content
description: "The PHP deployment tool with support for popular frameworks..." ... "a utility toolkit for logging, tracking, and managing deployment-related entries from the command line."
Recommendation

Treat it as a deployment activity logger, not a deployment automation tool, unless additional artifacts prove otherwise.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users have less information for verifying who maintains the skill or how the included script is meant to be installed.

Why it was flagged

The package provenance and installation path are not well documented. The included code is simple in the provided artifacts, but users have limited source context.

Skill content
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Recommendation

Review the included script before use and prefer a trusted source/homepage or explicit install instructions.

ASI06: Memory and Context Poisoning
Low
What this means

Deployment notes, environment names, incident details, or secrets entered into the tool may remain on disk and later be surfaced to the agent.

Why it was flagged

The tool persistently stores arbitrary user-entered deployment notes and can later display or search them.

Skill content
All data is stored locally in `~/.local/share/deploy-tool/` ... `history.log` — A unified activity log recording every write operation
Recommendation

Do not log passwords, tokens, private incident details, or other sensitive information; periodically review or delete the local data directory if needed.