Caprover CI Deployments

Verdict: Suspicious. Audited by ClawScan on May 10, 2026.

Overview

The skill matches its deployment purpose, but it asks for powerful CapRover/GitHub credentials and handles some deploy tokens in ways users should review before installing.

Use this skill only if you are comfortable granting deployment authority. Before installing, replace master-password use with per-app tokens, use least-privilege GitHub credentials, avoid sharing logs that may contain webhook details, and review or pin the generated GitHub Actions workflows.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If these credentials are misused or exposed, an attacker or mistaken agent action could trigger deployments or affect private repositories and CapRover apps.

Why it was flagged

The skill asks for persistent storage of high-privilege deployment credentials, including a CapRover master password and broad GitHub PAT scopes. This is purpose-related, but the authority is broad and not minimized to per-app or fine-grained tokens.

Skill content

All credentials live in a `config.json` file in the skill directory (gitignored) ... "password": "YOUR_MASTER_PASSWORD" ... "token": "ghp_YOUR_GITHUB_PAT" ... For private repos, the GitHub token needs `repo` + `workflow` scopes

Recommendation

Prefer per-app CapRover deploy tokens over the master password, use fine-grained GitHub tokens with only the required repository/action permissions, and document these credentials in the skill metadata.

What this means

Deploy tokens could be accidentally revealed to other local users, logs, or chat history, enabling unauthorized deploy triggers.

Why it was flagged

CapRover webhook URLs and app tokens are secret-bearing deploy credentials. Printing part of the webhook URL and passing the app token as a command-line argument can expose secrets in terminal logs, agent transcripts, or local process listings.

Skill content

print(f"   URL: {webhook_url[:60]}...") ... "--appToken", app_token

Recommendation

Redact webhook URLs completely in output, avoid placing tokens in process arguments when possible, and use a secret manager or environment-based credential passing with careful log masking.

What this means

A vague or mistaken deploy request could deploy the wrong app, branch, or environment.

Why it was flagged

The skill directly triggers GitHub workflow dispatches, CapRover webhooks, or CLI deploys. This is the advertised purpose, but it changes deployment state and should be treated as a high-impact action.

Skill content

When user says "deploy X" ... Choose strategy ... Execute and report result

Recommendation

Require explicit confirmation of app, branch/ref, environment, and strategy before triggering a deployment, especially for production.

What this means

A compromised or changed upstream action could affect future deployments.

Why it was flagged

The generated CI workflow depends on external GitHub Actions referenced by version tags. This is normal for CI/CD templates, but a tag is mutable and can be moved to point at different code, whereas a commit SHA is immutable.

Skill content

uses: docker/login-action@v3 ... uses: docker/build-push-action@v5 ... uses: caprover/deploy-from-github@v1

Recommendation

Review the referenced actions and consider pinning them to immutable commit SHAs for production repositories.