Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Appdeploy

v1.0.0

Deploy web apps with backend APIs, database, file storage, AI operations, authentication, realtime, and cron jobs. Use when the user asks to deploy or publis...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for quincygunter/qui-appdeploy.

Install the skill "Appdeploy" (quincygunter/qui-appdeploy) from ClawHub.
Skill page: https://clawhub.ai/quincygunter/qui-appdeploy
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install qui-appdeploy

ClawHub CLI


npx clawhub@latest install qui-appdeploy

Security Scan

Capability signals: Crypto, Can make purchases, Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

[!] Purpose & Capability
The SKILL.md behavior (deploy via SkillBoss API Hub) matches the declared purpose (deploy web apps), but the skill metadata in the registry omits the SKILLBOSS_API_KEY environment requirement that the instructions explicitly require. That incoherence (manifest vs runtime instructions) is unexpected and unexplained.
Instruction Scope
The instructions are detailed and scoped to calling the external SkillBoss API to upload templates/files, check status, and manage apps. They do not explicitly instruct reading unrelated host files or credentials, but they allow use of the Bash tool (arbitrary shell capability) and will accept files to upload — which could include sensitive files if the agent supplies them. The instruction to call a remote API and upload files is within the claimed purpose but gives a third party access to user project contents.
Install Mechanism
This is an instruction-only skill with no install spec and no code files besides SKILL.md and LICENSE, so there is no installer or downloaded artifact to review — lower install risk.
[!] Credentials
SKILL.md requires SKILLBOSS_API_KEY (a secret) for all deployment calls, but the registry metadata listed no required env vars or primary credential. Requesting an external API key is appropriate for a deployment service, but failing to declare it in the skill manifest is a transparency problem and increases risk (users may not realize they must provide a secret to a third-party).
Persistence & Privilege
The skill is not configured as always:true and does not request system config paths or other skills' credentials. Autonomous invocation is allowed (platform default) but not combined with other high privileges in this skill.
What to consider before installing
This skill will send your app files and deployment requests to https://api.heybossai.com and requires a SKILLBOSS_API_KEY — but the registry metadata did not declare that secret. Before installing or invoking it: (1) verify the vendor and service (SkillBoss / heybossai.com) and confirm you trust them with your code and any embedded secrets; (2) do not provide sensitive credentials or keys in files you upload; (3) prefer providing a scoped API key with minimal permissions and rotate it after use; (4) consider restricting the agent's ability to run arbitrary Bash commands if you want to limit local file access; and (5) ask the skill author why the manifest omits the required SKILLBOSS_API_KEY and request a published homepage or docs. If you cannot verify the provider, treat this skill as untrusted and avoid supplying real app data or secrets.
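
The manifest-versus-instructions mismatch the scan describes can be checked mechanically. The sketch below is an added example, not ClawHub's scanner or the skill's own code; the SKILL.md excerpt is copied from this page, while the manifest dictionary and its "requires_env" field name are assumptions constructed for illustration.

```python
import re

# Constructed inputs: lines quoted from the SKILL.md shown on this page, and a
# hypothetical registry manifest ("requires_env" is an assumed field name).
SKILL_MD = """\
Deploy web apps via SkillBoss API Hub (https://api.heybossai.com/v1/pilot).
1. Ensure SKILLBOSS_API_KEY is set:
curl -X POST https://api.heybossai.com/v1/pilot \\
  -H "Content-Type: application/json" \\
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \\
"""
MANIFEST = {"slug": "qui-appdeploy", "requires_env": []}

# $VAR / ${VAR} references, plus bare names ending in a secret-like suffix.
SHELL_VAR = re.compile(r"\$\{?([A-Z][A-Z0-9_]+)\}?")
SECRET_NAME = re.compile(r"\b([A-Z][A-Z0-9_]*_(?:API_KEY|TOKEN|SECRET|PASSWORD))\b")
HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")
AUTH_HEADER = re.compile(r"Authorization:\s*Bearer\s+\$\{?([A-Z][A-Z0-9_]+)")

def referenced_env(text):
    """Environment variable names the instructions mention or expand."""
    return sorted(set(SHELL_VAR.findall(text)) | set(SECRET_NAME.findall(text)))

def undeclared_env(text, manifest):
    """Names used by the instructions but missing from the manifest."""
    declared = set(manifest.get("requires_env", []))
    return [name for name in referenced_env(text) if name not in declared]

def credential_destinations(text):
    """Hosts named in instructions that send an env var as a bearer token."""
    if not AUTH_HEADER.search(text):
        return []
    return sorted(set(HOST.findall(text)))

def report(text, manifest):
    return {"undeclared_env": undeclared_env(text, manifest),
            "credential_destinations": credential_destinations(text)}

if __name__ == "__main__":
    print(report(SKILL_MD, MANIFEST))
```

A non-empty undeclared_env list alongside a non-empty credential_destinations list is the combination flagged above: a secret the installer was never told about, sent to a third-party host.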


latest vk971rqq0p2p2zd0fp59qhdmzjd851538
v1.0.0, MIT-0, 57 downloads, 0 stars, 1 version, updated 1w ago

AppDeploy Skill

Deploy web apps via SkillBoss API Hub (https://api.heybossai.com/v1/pilot).

Setup (First Time Only)

  1. Ensure SKILLBOSS_API_KEY is set:
    • Check that the environment variable SKILLBOSS_API_KEY is available
    • All deployment calls authenticate via this key — no separate registration required

Usage

Make calls to the SkillBoss API Hub deployment endpoint:

curl -X POST https://api.heybossai.com/v1/pilot \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -d '{
    "type": "http",
    "inputs": {
      "tool": "{tool_name}",
      "arguments": { }
    },
    "prefer": "balanced"
  }'

Response result is at data.result.

Workflow

  1. First, get deployment instructions: Call get_deploy_instructions to understand constraints and requirements.

  2. Get the app template: Call get_app_template with your chosen app_type and frontend_template.

  3. Deploy the app: Call deploy_app with your app files. For new apps, set app_id to null.

  4. Check deployment status: Call get_app_status to check if the build succeeded.

  5. View/manage your apps: Use get_apps to list your deployed apps.

Available Tools

get_deploy_instructions

Use this when you are about to call deploy_app in order to get the deployment constraints and hard rules. You must call this tool before starting to generate any code. This tool returns instructions only and does not deploy anything.

Parameters:

deploy_app

Use this when the user asks to deploy or publish a website or web app and wants a public URL. Before generating files or calling this tool, you must call get_deploy_instructions and follow its constraints.

Parameters:

  • app_id: any (required) - existing app id to update, or null for new app
  • app_type: string (required) - app architecture: frontend-only or frontend+backend
  • app_name: string (required) - short display name
  • description: string (optional) - short description of what the app does
  • frontend_template: any (optional) - REQUIRED when app_id is null. One of: 'html-static' (simple sites), 'react-vite' (SPAs, games), 'nextjs-static' (multi-page). Template files auto-included.
  • files: array (optional) - Files to write. NEW APPS: only custom files + diffs to template files. UPDATES: only changed files using diffs[]. At least one of files[] or deletePaths[] required.
  • deletePaths: array (optional) - Paths to delete. ONLY for updates (app_id required). Cannot delete package.json or framework entry points.
  • model: string (required) - The coding agent model used for this deployment, to the best of your knowledge. Examples: 'codex-5.3', 'chatgpt', 'opus 4.6', 'claude-sonnet-4-5', 'gemini-2.5-pro'
  • intent: string (required) - The intent of this deployment. User-initiated examples: 'initial app deploy', 'bugfix - ui is too noisy'. Agent-initiated examples: 'agent fixing deployment error', 'agent retry after lint failure'
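
A local pre-flight check can enforce the deploy_app rules listed above before anything is sent to the remote API. This is an added example, not code from the skill or from SkillBoss; it encodes only the constraints stated on this page, and the file entry in the demo is a placeholder because the page does not document the fields of a files[] item.

```python
import json

TEMPLATES = {"html-static", "react-vite", "nextjs-static"}
APP_TYPES = {"frontend-only", "frontend+backend"}
REQUIRED = ("app_type", "app_name", "model", "intent")

def deploy_app_errors(args):
    """Return the documented deploy_app rules that `args` violates."""
    errors = []
    if "app_id" not in args:
        errors.append("app_id is required (null for a new app)")
    errors += [f"{key} is required" for key in REQUIRED if not args.get(key)]
    if args.get("app_type") and args["app_type"] not in APP_TYPES:
        errors.append("app_type must be frontend-only or frontend+backend")
    new_app = args.get("app_id") is None
    template = args.get("frontend_template")
    if new_app and template is None:
        errors.append("frontend_template is required when app_id is null")
    if template is not None and template not in TEMPLATES:
        errors.append(f"unknown frontend_template: {template}")
    delete_paths = args.get("deletePaths") or []
    if new_app and delete_paths:
        errors.append("deletePaths is only valid for updates (app_id required)")
    if any(p.rsplit("/", 1)[-1] == "package.json" for p in delete_paths):
        errors.append("package.json cannot be deleted")
    if not args.get("files") and not delete_paths:
        errors.append("at least one of files[] or deletePaths[] is required")
    return errors

def build_request(tool, args):
    """Wrap a tool call in the JSON envelope shown in the Usage section."""
    if tool == "deploy_app":
        errors = deploy_app_errors(args)
        if errors:
            raise ValueError("; ".join(errors))
    return json.dumps({"type": "http",
                       "inputs": {"tool": tool, "arguments": args},
                       "prefer": "balanced"})

if __name__ == "__main__":
    # Constructed arguments; the files[] entry is a placeholder, not the real shape.
    demo = {"app_id": None, "app_type": "frontend-only", "app_name": "demo",
            "frontend_template": "html-static", "files": [{"placeholder": True}],
            "model": "example-model", "intent": "initial app deploy"}
    print(build_request("deploy_app", demo))
```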

get_app_template

Call get_deploy_instructions first. Then call this once you've decided app_type and frontend_template. Returns base app template and SDK types. Template files auto-included in deploy_app.

Parameters:

  • app_type: string (required)
  • frontend_template: string (required) - Frontend framework: 'html-static' - Simple sites, minimal framework; 'react-vite' - React SPAs, dashboards, games; 'nextjs-static' - Multi-page apps, SSG

get_app_status

Use this when deploy_app tool call returns or when the user asks to check the deployment status of an app, or reports that the app has errors or is not working as expected. Returns deployment status (in-progress: 'deploying'/'deleting', terminal: 'ready'/'failed'/'deleted'), QA snapshot (frontend/network errors), and live frontend/backend error logs.

Parameters:

  • app_id: string (required) - Target app id
  • since: integer (optional) - Optional timestamp in epoch milliseconds to filter errors. When provided, returns only errors since that timestamp.
  • limit: integer (optional) - Optional shared cap for returned logs across frontend and backend combined. Defaults to 50 when omitted.

delete_app

Use this when you want to permanently delete an app. Use only on explicit user request. This is irreversible; after deletion, status checks will return not found.

Parameters:

  • app_id: string (required) - Target app id

get_app_versions

List deployable versions for an existing app. Requires app_id. Returns newest-first {name, version, timestamp} items. Display 'name' to users. DO NOT display the 'version' value to users. Timestamp values MUST be converted to the user's local time.

Parameters:

  • app_id: string (required) - Target app id

apply_app_version

Start deploying an existing app at a specific version. Use the 'version' value (not 'name') from get_app_versions. Returns true if accepted and deployment started; use get_app_status to observe completion.

Parameters:

  • app_id: string (required) - Target app id
  • version: string (required) - Version id to apply

src_glob

Use this when you need to discover files in an app's source snapshot. Returns file paths matching a glob pattern (no content). Useful for exploring project structure before reading or searching files.

Parameters:

  • app_id: string (required) - Target app id
  • version: string (optional) - Version to inspect (defaults to applied version)
  • path: string (optional) - Directory path to search within
  • glob: string (optional) - Glob pattern to match files (default: **/*)
  • include_dirs: boolean (optional) - Include directory paths in results
  • continuation_token: string (optional) - Token from previous response for pagination

src_grep

Use this when you need to search for patterns in an app's source code. Returns matching lines with optional context. Supports regex patterns, glob filters, and multiple output modes.

Parameters:

  • app_id: string (required) - Target app id
  • version: string (optional) - Version to search (defaults to applied version)
  • pattern: string (required) - Regex pattern to search for (max 500 chars)
  • path: string (optional) - Directory path to search within
  • glob: string (optional) - Glob pattern to filter files (e.g., '*.ts')
  • case_insensitive: boolean (optional) - Enable case-insensitive matching
  • output_mode: string (optional) - content=matching lines, files_with_matches=file paths only, count=match count per file
  • before_context: integer (optional) - Lines to show before each match (0-20)
  • after_context: integer (optional) - Lines to show after each match (0-20)
  • context: integer (optional) - Lines before and after (overrides before/after_context)
  • line_numbers: boolean (optional) - Include line numbers in output
  • max_file_size: integer (optional) - Max file size to scan in bytes (default 10MB)
  • continuation_token: string (optional) - Token from previous response for pagination

src_read

Use this when you need to read a specific file from an app's source snapshot. Returns file content with line-based pagination (offset/limit). Handles both text and binary files.

Parameters:

  • app_id: string (required) - Target app id
  • version: string (optional) - Version to read from (defaults to applied version)
  • file_path: string (required) - Path to the file to read
  • offset: integer (optional) - Line offset to start reading from (0-indexed)
  • limit: integer (optional) - Number of lines to return (max 2000)

get_apps

Use this when you need to list apps owned by the current user. Returns app details with display fields for user presentation and data fields for tool chaining.

Parameters:

  • continuation_token: string (optional) - Token for pagination

Generated by scripts/generate-appdeploy-skill.ts
