Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Deploy Public
v1.9.68 · Private-to-public repo sync. Copies everything except ai/ to the public mirror. Creates PR, merges, syncs releases.
⭐ 0 · 638 · 1 current · 1 all-time
by Parker Todd Brooks (@parkertoddbrooks)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Confidence: high
Purpose & Capability
The metadata and SKILL.md claim only git/gh/bash are required for a private->public repo sync, but deploy-public.sh also invokes node, rsync, npm, and the 1Password CLI (op). Those tools are not listed in requires.bins. Publishing to npm and fetching tokens are beyond a simple sync/PR/merge workflow and are not justified by the manifest.
Instruction Scope
SKILL.md describes cloning, copying (excluding ai/), creating PRs, merging, and syncing releases. The actual script additionally: auto-creates public repos, deletes non-main branches on the target repo, reads a local secrets file (~/.openclaw/secrets/op-sa-token), calls op to reveal an 'npm Token', and attempts npm publish. The SKILL.md does not disclose these file reads or secret fetches.
Install Mechanism
There is no install spec (instruction-only skill plus a shell script). No remote downloads or archive extraction are performed at install time, which lowers installer risk. The presence of a script still means runtime behavior must be reviewed carefully.
Credentials
No environment variables or config paths are declared, yet the script reads a local secret file (~/.openclaw/secrets/op-sa-token) and invokes the 1Password CLI to retrieve an npm token. This accesses sensitive agent/host secrets and is disproportionate to the stated task. It also relies on node/npm/rsync/op being present but those binaries are not declared.
Persistence & Privilege
always:false (good). The skill can run autonomously (default), which combined with its secret-access behavior increases risk if allowed to run without human approval. The script modifies remote repos (creates, merges PRs, deletes branches) and can publish packages — these are high-impact actions requiring careful permission control.
What to consider before installing
This skill includes a shell script that does more than the SKILL.md advertises: it can create/clone public repos, delete non-main branches, fetch a 1Password-backed npm token from ~/.openclaw/secrets/op-sa-token via the op CLI, and attempt npm publish. Before installing or enabling this skill:
1) Review deploy-public.sh in full and confirm you are comfortable with automatic repo creation, PR merging, branch deletion, and npm publishing.
2) Ensure the agent/host does not expose sensitive files at ~/.openclaw/secrets, or remove that code path; require an explicit NPM_TOKEN environment variable instead of reading agent secrets.
3) Limit the GitHub token used by gh to minimal scopes (repo:public_repo write only for the target) and consider requiring a dedicated publish token with narrow npm scopes.
4) If you want to keep this skill, ask the author to update SKILL.md and metadata to list node, npm, rsync, and op in required binaries and to declare any config paths or secret access.
5) Run the script in a controlled dry-run environment and require manual approval for any automated publish/merge actions.
These mismatches between declared requirements and actual behavior warrant caution.
Like a lobster shell, security has layers — review code before you run it.
latest: vk976wnsfpakje225xavhmwnxyd8405n9
Runtime requirements
🚢 Clawdis
Bins: git, gh, bash
