Clawhub Skill Deploy Pilot
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent deployment automation skill, but it is powerful and can control containers, remote hosts, hooks, and scheduled rollouts.
Install only if you want an agent-assisted deployment tool with access to your Docker/LXC environment. Keep it scoped to non-production until tested, enable approvals for important stacks, review any hook scripts, and verify scheduled deployments and rollback settings.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong stack or options, it could restart, roll back, or otherwise change running services.
The skill explicitly requests execution of deployment tools and network/file access. This is expected for Docker/LXC deployment automation, but it is high-impact authority.
"permissions": ["exec:docker", "exec:pvesh", "exec:ssh", "file:read ~/.openclaw/workspace/deploy-pilot", "file:write ~/.openclaw/workspace/deploy-pilot", "net:http"]
Use dry-run and approval workflows for important environments, and restrict use to users or agents that are allowed to deploy those stacks.
A bad or untrusted hook could alter services, data, or the host environment during deployment.
The skill supports user-configured hook scripts around deployments. This is purpose-aligned for deployment automation, but it means configured scripts can run with the user's local privileges.
"Pre/post hooks" — Custom scripts before/after deployment (backups, migrations, etc).
Only configure hooks from trusted paths, review hook contents, and avoid running this skill with broader privileges than necessary.
An agent using this skill may be able to act with the user's Docker, SSH, or Proxmox permissions.
Managing LXC/Proxmox deployments requires host or account privileges. This is expected for the stated purpose but should be scoped carefully.
Optional (for Proxmox LXC): - `pvesh` (Proxmox command-line client) - SSH access to Proxmox host
Use least-privilege accounts, separate production from test credentials, and confirm which hosts and containers are registered.
Deployment names, timing, and approval prompts may be exposed through chat, and approvals should come only from trusted identities.
Approval workflows depend on an external messaging channel. This is disclosed and purpose-aligned, but approval identity and message privacy depend on that channel's configuration.
Deploy requests sent to WhatsApp/Telegram. User approves or rejects.
Use a trusted approval channel, verify recipient configuration, and avoid including secrets in approval messages.
A scheduled deployment could run later without the user actively watching the session.
The skill advertises scheduled deployments, which can create ongoing automation. This is disclosed and fits the deployment purpose, but it can keep making changes after setup.
"cron-setup": "Schedule automatic deployments"
Enable scheduling only for intended stacks, document the schedule, and require approvals for production changes where possible.
Users may not get a complete platform-level warning about the binaries and privileges this skill uses.
The registry metadata does not fully describe the provenance or runtime requirements, even though the bundled skill.json documents deployment tool dependencies and permissions.
Source: unknown; Homepage: none; Required binaries (all must exist): none; Capability signals: No capability tags were derived.
Review the bundled source and skill.json before installation, and verify docker/pvesh/ssh availability and provenance yourself.