DevOps Agent
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a real DevOps assistant, but its monitoring defaults and cloud-backup authority need careful review before use on a server.
Use this only on servers where you intend to allow real DevOps changes. Start with --dry-run, review generated Nginx/systemd/cron/backup scripts, restrict Prometheus/exporter access, use dedicated cloud backup credentials, and confirm rollback and cleanup steps before enabling persistent services.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed on an internet-reachable server, monitoring data or lifecycle controls could be exposed beyond the intended operator.
The Prometheus service template binds to all interfaces and enables its lifecycle endpoint; the artifacts do not show authentication, a firewall rule, or private-network restriction.
--web.listen-address=0.0.0.0:9090 ... --web.enable-lifecycle
Bind monitoring services to localhost or a private interface by default, add authentication/reverse-proxy protection, and require explicit confirmation of exposed ports.
Backups may be written using the machine's default cloud account/profile, which could be broader than intended or point to the wrong account.
The backup generator uploads backups using provider CLIs such as AWS/OSS, which normally rely on locally configured cloud credentials; this is expected for remote backups but not declared as a credential contract.
# === Upload to S3 === ... aws s3 cp
Use dedicated least-privilege backup credentials, require explicit profile/account/bucket confirmation, and document the required cloud credential setup.
A repository's build scripts, Dockerfile, or docker-compose file can run code on the target server and create long-running services.
The deploy workflow intentionally clones a user-provided repository and runs build or container commands from it. That is purpose-aligned for deployment, but it executes project-controlled code.
git clone <repo-url> "$DEPLOY_DIR" ... npm ci && npm run build ... docker compose up -d
Deploy only trusted repositories, review package scripts/Dockerfiles/compose files first, and use dry-run plus explicit approval before running builds or containers.
Services and monitoring components may continue running after the agent session ends or after a reboot.
The systemd templates create services that restart automatically and are enabled to start at boot. This is normal for DevOps deployment but creates persistence.
Restart=always ... sudo systemctl enable {{APP_NAME}}
Keep a list of created service names, review rollback instructions, and disable/remove services when they are no longer needed.
Secrets or private application files could be duplicated into local snapshots and remain there until manually removed.
Rollback snapshots copy the deployment directory into a persistent snapshot location. Deployment directories often contain .env files or other secrets.
cp -r "$DEPLOY_DIR" "$SNAPSHOT_DIR/app_backup"
Protect snapshot directories with restrictive permissions, define retention/cleanup, and consider excluding or encrypting secret files.
If followed, the user would run a remote installation script with elevated impact on the system.
The preflight helper suggests a remote installer piped to a shell for Docker. It appears to be a user-directed install suggestion, not automatic execution.
docker) echo "curl -fsSL https://get.docker.com | sh" ;;
Prefer distribution package managers, pinned versions, checksums, or vendor-documented installation steps reviewed by the operator.
