v1.0.0

deployment-manager

Suspicious

ClawScan verdict for this skill. Analyzed Apr 30, 2026, 1:50 PM.

Analysis

This instruction-only deployment skill is mostly coherent, but some examples could change live production systems if copied or followed without stronger approval and scope safeguards.

Guidance: Use this skill as deployment guidance, not as an automatic production operator. Before adopting its examples, add approval gates, restrict Kubernetes and CI/CD permissions, pin workflow dependencies, test in staging, preserve rollback paths, and verify notification recipients and webhook secrets.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
on:
  push:
    branches: [main]
...
kubectl set image deployment/app-green app=app:${{ github.sha }}
...
kubectl patch service app-service -p

The example CI workflow deploys and switches Kubernetes service traffic automatically on a push to main, with no explicit manual approval, namespace/cluster allowlist, dry-run, or rollback decision gate shown.

User impact: If a user or agent follows these examples too directly, a normal repository push could trigger production-impacting deployment and traffic changes.
Recommendation: Require explicit human approval for production deployments, restrict Kubernetes context and namespace, add dry-run and policy checks, and make rollback and traffic-switch steps gated and auditable.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
- uses: actions/checkout@v3

The GitHub Actions example pins a third-party action only to a major version tag rather than an immutable commit, which is common but leaves update/provenance risk if copied into a real pipeline.

User impact: A copied workflow may inherit changes to an external action version over time.
Recommendation: Pin CI/CD actions to immutable commit SHAs where possible and review third-party workflow dependencies before production use.
Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
run: |
  docker build -t app:${{ github.sha }} .
  docker run --rm app:${{ github.sha }} npm test

The skill provides shell/CI examples that build and run containers. This is expected for deployment guidance, but it is executable automation that users should review before adopting.

User impact: Copying the examples into a CI/CD pipeline can execute builds, tests, and deployment commands in the user's environment.
Recommendation: Run examples first in non-production environments, review all commands, and avoid granting broad CI runner permissions by default.
Cascading Failures
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
- name: Switch Traffic
  run: |
    kubectl patch service app-service -p

- name: Cleanup Blue Environment
  run: |
    kubectl set image deployment/app-blue app=app:${{ github.sha }}

The example switches service traffic and then updates the blue environment, which can propagate a bad release broadly and reduce immediate rollback separation if not gated and contained.

User impact: A faulty deployment could affect live users or multiple environments before a human has a chance to stop it.
Recommendation: Use progressive rollout gates, automated and manual stop conditions, preserved rollback environments, blast-radius limits, and clear production approval requirements.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
kubectl rollout undo deployment/$service_name

Rollback operations require Kubernetes privileges over deployments; this is aligned with deployment management, but users should notice that the skill's examples assume sensitive operational authority.

User impact: Using these examples with broad cluster credentials could let an agent or operator alter more services than intended.
Recommendation: Use least-privilege deployment credentials, restrict namespaces and environments, and require separate approval for production or cross-tenant changes.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
send_slack_notification "✅ Rollback completed for $service_name"
send_alert "🚨 Rollback failed for $service_name"

The rollback example implies external notification integrations. This is normal for deployments, but recipient, workspace, authentication, and data-sharing boundaries are not specified.

User impact: Deployment status or service names could be sent to unintended channels if notification integrations are implemented loosely.
Recommendation: Configure notification destinations explicitly, limit message contents, protect webhook tokens, and verify recipients before sending production deployment alerts.