ClawHub

Vercel Deployment Watchdog

v1.0.0

Monitor Vercel-hosted site deployments with automated health checks, cache freshness verification, and API validation. Use when you need to ensure deployment...

0· 75·0 current·0 all-time
by@ivanpruss
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Vercel deployment monitoring) match the actual code and declared requirements: scripts call the Vercel API, inspect deployments, and perform HTTP checks. Required binaries (curl, jq) and the single required env var (VERCEL_TOKEN) are appropriate for this purpose.
Instruction Scope
SKILL.md and scripts primarily stay within monitoring scope (calling api.vercel.com, performing HTTP checks). The scripts read/write a local state file (~/.openclaw/workspace/state/watchdog-state.json by default). There is an opt-in ALLOW_INTERNAL flag that disables hostname validation and permits internal/private address checks; the README warns about it, but there is a small inconsistency in help text suggesting internal checks might be 'enabled by default' — this is a documentation mismatch to review before use.
Install Mechanism
Instruction-only with small shell scripts included; there is no remote download/extract step or package installation performed by the skill itself. Lowest-risk install mechanism.
Credentials
Only VERCEL_TOKEN is required, which is proportional to interacting with the Vercel API. Optional envs (ALLOW_INTERNAL, WATCHDOG_STATE_FILE) are reasonable for behavior tuning and state location. No unrelated credentials or high-privilege secrets are requested.
Persistence & Privilege
always:false (normal). The skill writes a local state file in the user's home workspace (default path under ~/.openclaw) — expected for tracking last deployment. The ALLOW_INTERNAL opt-in grants broader network access (internal hosts) and increases risk if misused; consider this when enabling.
Assessment
This skill appears to be what it claims: a Vercel deployment monitor that needs curl, jq and a Vercel API token. Before installing or running it: 1) Review the included scripts yourself (they are plain shell) to confirm behavior. 2) Create a Vercel token with minimal scope (deployment:read) and keep it secure; do not use a token that grants build/deploy/write access unless needed. 3) Be cautious about enabling ALLOW_INTERNAL=true — that disables hostname/private-IP checks and allows probing internal addresses, which is dangerous unless you explicitly need it and have permission. 4) Note the default state file location (~/.openclaw/...) and change WATCHDOG_STATE_FILE if you want it stored elsewhere. 5) The package source/homepage is missing; if you will run this in production, prefer code from a known repository/maintainer or verify the origin. If you want, I can scan the remainder of the truncated script parts for any additional behavior (e.g., webhooks, external upload sinks) before you run it.

Like a lobster shell, security has layers — review code before you run it.

latestvk9789vgr0paamab5x3rfy0evjn83j57x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl, jq
EnvVERCEL_TOKEN

Comments