Render Deploy
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Render deployment helper, but it will use your Render account and optional local deployment memory when you ask it to deploy.
Install this only if you want the agent to help deploy to Render using your Render credential. Before approving actions, check the target workspace, repo, branch, service plan, environment variables, and any git commit/push. If you enable local memory, keep secrets out of it unless you deliberately choose otherwise.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could create or modify cloud services or deployment configuration in your Render workspace.
The skill can direct an agent to create Render services and update environment variables, which are account-mutating deployment actions.
`list_services`, `create_web_service`, `update_environment_variables`, and `list_deploys` map to Render MCP operations
Review the planned service name, repo, branch, plan, region, and environment variables before approving provisioning or updates.
A valid Render credential gives the agent delegated access to perform deployment and workspace operations.
The skill requires a Render API key or authenticated Render CLI session to act in the user's Render account.
Required env vars: RENDER_API_KEY ... Primary credential: RENDER_API_KEY
Use a properly scoped Render API key where possible and avoid sharing unrelated credentials; rotate the key if you no longer need the integration.
Installing the CLI adds a third-party local binary that the agent may use for deployment operations.
The install path depends on the external Render CLI package installed through Homebrew.
brew | formula: render | creates binaries: render
Install the Render CLI from the expected trusted package source and keep it updated.
Local memory may retain project names, workspace choices, repository/deployment context, and environment-variable names that influence later deployments.
The skill can persist deployment context locally for reuse across future sessions.
Store durable context only: ... Workspace and method preference ... Stable env var inventory (names and ownership, not secret values unless user asks)
Allow memory only if you want persistent deployment context, and do not store secret values there unless you explicitly intend to.
Deployment configuration and workspace-scoped metadata may be sent to Render's MCP service during direct provisioning.
The skill discloses an MCP-based provisioning path that sends service configuration and workspace metadata to Render.
https://mcp.render.com | Service creation/config requests and workspace-scoped metadata | MCP direct provisioning
Confirm the selected Render workspace and service configuration before using MCP direct creation.