ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Prod Deploy

v1.0.1

生产环境发布部署自动化技能。用于 SM 交友网站 (zmq-club.com) 的一键发布流程,包括:数据库备份、结构对比、前端构建、代码部署、迁移执行、服务重启、生产验证。Use when 沛哥要求发布生产、部署代码、上线新功能、或执行发布 SOP。

0· 49·0 current·0 all-time
by@liupeidawn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The declared purpose (one-click production deploy) matches the actions (SSH, backup, copy files, run migrations). However the skill embeds production root credentials (IP, username, plaintext password) directly in SKILL.md and in scripts/deploy.py instead of using declared/managed secrets. It also imports paramiko but the package/dependency is not declared. Embedding a production root password in files is disproportionate and poor practice even if deployment legitimately needs access.
!
Instruction Scope
Runtime instructions and scripts instruct the agent to connect as root to a specific IP, run pg_dump, upload site files, run migrations, and restart services — all expected for deployment. But the docs/scripts include explicit credentials and reference many local paths under /home/administrator/.openclaw/workspace-main (reading/writing backups and memory files). The SKILL.md and scripts contain the credentials in plaintext and direct writes to workspace memory; this broad access and exposure of secrets is a scope risk. Also the deploy.py shown is truncated at the end and likely syntactically broken, so the claimed 'one-click' capability may be non-functional.
!
Install Mechanism
There is no install spec. The included script imports paramiko (and expects npm/pm2/tools) but the skill declares no required binaries or dependencies. That mismatch (code needing libraries that are not declared or installed) is incoherent and will cause runtime failures or require the agent to install additional packages without explicit instructions.
!
Credentials
The skill declares no required environment variables or primary credential, yet both SKILL.md and scripts embed a production SSH password and other sensitive server details. This is disproportionate: either the skill should declare and require a secret (and not store it in repo files), or it shouldn't contain production credentials at all. The presence of a plaintext root password in multiple files is a serious secret-exposure issue.
Persistence & Privilege
always:false (OK). The skill writes release notes to workspace/memory and performs operations on the host it has credentials for; that behavior is expected for a deployer. However, because the skill contains embedded production credentials and the platform allows autonomous invocation by default, the blast radius is higher — an agent or skill bug could use those credentials unexpectedly. The script does not attempt to modify other skills or global agent config.
What to consider before installing
Do not run or install this skill in a production environment as-is. Specific actions to take before considering use: - Treat the exposed IP/username/password in SKILL.md and scripts as compromised: rotate the SSH password/keys on the server immediately if these files were shared or uploaded. - Do not supply production credentials directly in skill files; replace hardcoded credentials with secrets managed by a vault or environment variables and document required env vars in the skill manifest. - Verify and fix the deploy.py file — it appears truncated/malformed (the __main__ block is incomplete) and paramiko is used but not declared as a dependency. - Review the code line-by-line to ensure it does only the intended deployment actions (no hidden network calls or exfiltration). Run in a staging environment first. - Prefer SSH key auth, least-privilege accounts (not root), and an audited CI/CD pipeline instead of running one-click scripts from an agent with embedded credentials. - If you cannot verify the origin of this skill (source/homepage unknown), avoid granting it access to production credentials or allowing autonomous invocation until a trusted audit is completed.

Like a lobster shell, security has layers — review code before you run it.

latestvk975fazmzr7hg7257zy8z0h4dd84hnvf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments