Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Railway Deploy
v1.0.0This skill should be used when the user wants to push code to Railway, says "railway up", "deploy", "deploy to railway", "ship", or "push". For initial setup or creating services, use new skill. For Docker images, use environment skill.
⭐ 0· 1.2k·3 current·3 all-time
by@dbanys
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The SKILL.md clearly implements a 'deploy to Railway' helper (uses `railway up`, environment edits, service targeting). However the registry metadata declares no required binaries or credentials while the instructions explicitly call `railway` CLI commands and show examples that modify projects/environments. The missing declared dependency on the Railway CLI and the lack of any declared primary credential is a minor incoherence: the skill will only work (and be able to act) if a Railway CLI is present and authenticated.
Instruction Scope
Instructions are focused on deploying and related tasks (detach/CI modes, target service/project, streaming logs). They also include commands that edit environment config (`railway environment edit --json`), set/delete variables, and mark services/volumes as deleted. Those are legitimate for a deployment skill but are high‑privilege actions — the SKILL.md gives the agent authority to change or delete Railway resources if the agent's CLI session has permissions. The skill does not instruct the agent to read unrelated local files or to exfiltrate data to unexpected endpoints.
Install Mechanism
Instruction-only skill with no install spec or code files. This lowers risk because nothing is downloaded or written to disk by the skill package itself.
Credentials
The skill declares no required environment variables or primary credential, yet operation depends on an authenticated Railway CLI session (or a Railway token available in the runtime). The reference docs mention many Railway/Railpack environment variables (RAILPACK_*, RAILWAY_*) but those are configuration values used by Railway — the skill itself does not declare or request secrets. Users should be aware that the agent will act with whatever Railway account/credentials are already present in its environment.
Persistence & Privilege
always:false and no install scripts — the skill does not request permanent inclusion or system-level modification. Autonomous invocation is allowed (platform default); combined with the skill's ability to change/delete projects, that means an agent invoked by this skill could act without extra prompts if the platform allows it, but that is a normal deployment plugin behavior rather than an inherent incoherence.
Assessment
This skill appears to be a straightforward Railway CLI deploy helper, but before installing or letting an agent use it: 1) Ensure the runtime has the Railway CLI installed and you understand which Railway account/token the agent will use—the skill itself doesn't declare credentials. 2) The skill's commands can edit environment variables, mark services/volumes deleted, and otherwise mutate project state—limit the agent's Railway account permissions or require human confirmation for destructive actions. 3) If you don't trust automatic runs, require the agent to ask for explicit approval before running `railway` commands or test in a separate project/account with limited privileges.Like a lobster shell, security has layers — review code before you run it.
latestvk972fh4nmwf43dcxa1nbj5bcnh80xfq0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.