Agent Deployment Checklist

Advisory: audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If followed, the user will fetch code from the network and execute it in the same step (curl piped straight into bash) during deployment, with no opportunity to inspect what was downloaded.

Why it was flagged

The setup template fetches and executes a remote installer as part of base machine provisioning.

Skill content
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Recommendation

Use only official installer sources; where possible, download the installer to a file, review it, and pin it to a known digest before executing it; and run these commands deliberately on the intended machine rather than from a copied template.
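The following is an added example, not code from the scanned skill, of what "download, review, pin, then execute" looks like in practice. It replaces the one-liner above with a fetch-to-file step and a SHA-256 comparison against a digest the operator recorded after reviewing the script once; the URL is the one in the skill, while the pinned digest, the helper names, and the use of sha256sum/shasum are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not part of the scanned skill): replace
#   /bin/bash -c "$(curl -fsSL <url>)"
# with download -> verify against a pinned SHA-256 -> execute.
# The pinned digest is operator-supplied: record it with pin_installer after
# reviewing the script, and treat any later mismatch as a hard stop.
set -eu

# sha256_of FILE: print the SHA-256 hex digest using whichever tool exists.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# pin_installer URL
# First-use helper: download the installer, print "<digest>  <path>" so the
# operator can open the saved file, review it, and record the digest.
pin_installer() {
  out="$(mktemp)"
  curl -fsSL "$1" -o "$out"
  echo "$(sha256_of "$out")  $out"
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 when the file matches the pinned digest, 1 otherwise.
verify_installer() {
  file="$1"; expected="$2"
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "refusing to run $file: sha256 $actual != pinned $expected" >&2
    return 1
  fi
  return 0
}

# run_pinned_installer URL EXPECTED_SHA256
# Downloads to a temp file, verifies, and only then hands it to bash.
# Unlike curl|bash, a truncated or substituted download never executes.
run_pinned_installer() {
  url="$1"; expected="$2"
  tmp="$(mktemp)"
  trap 'rm -f "$tmp"' EXIT
  curl -fsSL "$url" -o "$tmp"
  verify_installer "$tmp" "$expected"
  /bin/bash "$tmp"
}

# Example invocation; the digest is a placeholder, not a real value:
# run_pinned_installer \
#   https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh \
#   <sha256-recorded-by-pin_installer-after-your-review>
```

Two caveats on what the pin buys you. The skill's URL points at HEAD, so the digest will go stale whenever the upstream script changes; that is intended, because a changed installer should trigger a fresh review rather than a silent run. And the Homebrew installer itself fetches further code once it runs, so the pin only covers the first stage; it removes the "run whatever arrived" failure mode, not the need to trust the upstream project.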

What this means

Installing or using the checklist may lead an operator to configure credentials that can access client repositories, calendars, email, accounting systems, or AI provider accounts.

Why it was flagged

The checklist requires delegated access to multiple third-party services and potentially sensitive client accounts.

Skill content
API keys provisioned (Anthropic, OpenAI if needed); MCP server credentials configured; GitHub/GitLab access tokens scoped to client repos only; Email/calendar integrations authorized (OAuth tokens); QuickBooks / accounting integrations connected
Recommendation

Use least-privilege, client-specific credentials, prefer read-only access where possible, document scopes, rotate keys, and avoid exposing secrets in chats or logs.

What this means

Incorrectly applying the hardening steps could lock users out, disrupt network access, or affect production availability.

Why it was flagged

The checklist includes privileged host-hardening actions that can materially change access to the machine.

Skill content
Firewall enabled and configured; SSH hardening applied; Disk encryption enabled; sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setblockall on
Recommendation

Apply privileged commands with human approval, keep recovery access available, verify required ports before blocking traffic, and stage changes when possible.
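As an added example (not part of the scanned skill), the "keep recovery access available" and "stage changes" points can be enforced mechanically with a timed automatic rollback: apply the privileged change, start a timer that reverts it, and cancel the timer only from a fresh session after confirming you can still get in. The script below is generic; the apply and revert commands (the socketfilterfw line from the checklist, an sshd_config edit, a firewall rule) are passed in by the operator and are assumptions, not fixed by the example.

```bash
#!/usr/bin/env bash
# Added example (not part of the scanned skill): apply a privileged host
# change with an automatic rollback, so a firewall or SSH change that cuts
# off the operator's own session reverts by itself. Commands are strings run
# with sh -c; which commands to pass is the operator's decision.
set -eu

# stage_change APPLY_CMD REVERT_CMD SECONDS
# Runs APPLY_CMD now, then starts a background timer that runs REVERT_CMD
# after SECONDS unless confirm_change cancels it. Prints the timer's PID.
stage_change() {
  apply_cmd="$1"; revert_cmd="$2"; secs="$3"
  sh -c "$apply_cmd"
  ( sleep "$secs" && sh -c "$revert_cmd" ) >/dev/null 2>&1 &
  echo $!
}

# confirm_change TIMER_PID
# Call this from a *new* session after verifying access still works.
# Returns 0 if the pending rollback was cancelled, 1 if it already fired.
# (Killing the timer subshell leaves an orphaned sleep that exits on its
# own; the revert command never runs because its parent is gone.)
confirm_change() {
  if kill "$1" 2>/dev/null; then
    return 0
  fi
  return 1
}

# Typical use on the host being hardened (commands are illustrative):
#   pid=$(stage_change \
#     'sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setblockall on' \
#     'sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setblockall off' \
#     300)
#   # ... open a second SSH session; if it works:
#   confirm_change "$pid"
```

Run `stage_change` from a session you are willing to lose, and before you do, enumerate what must stay reachable (the SSH port at minimum) so the confirmation step tests the right thing; the rollback only helps if the revert command really restores the previous state, so test the pair on a non-production host first.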

What this means

Persistent agent memory files can retain client-specific information and may affect later agent decisions if not reviewed and protected.

Why it was flagged

The deployment framework includes persistent memory/context files that may influence future agent behavior and hold sensitive operational context.

Skill content
5-file memory system pre-scaffolding ... SOUL, IDENTITY, USER, AGENTS files marked as sacred (never leave the environment)
Recommendation

Limit file permissions, avoid storing secrets in memory files, review their contents regularly, and define retention and sharing rules.
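This recommendation and the earlier one on credentials ("avoid exposing secrets in chats or logs") both reduce to a check that can be scripted: memory and context files should be readable only by the agent's user, and should not contain credentials. The following is an added example, not part of the scanned skill; the 600/400 permission expectation, the file names used in the test, and the secret-matching patterns are assumptions chosen to match common key shapes and should be extended for the providers you actually use.

```bash
#!/usr/bin/env bash
# Added example (not part of the scanned skill): audit a directory of agent
# memory/context files (SOUL, IDENTITY, USER, AGENTS, ...) for permissions
# wider than owner read/write and for embedded credentials.
set -eu

# Regex for credential-looking content (assumption): sensitive-name
# assignments, bearer tokens, and long opaque strings with common prefixes.
SECRET_RE='(api[_-]?key|secret|token|password)[[:space:]]*[:=][[:space:]]*[^[:space:]]+|Bearer [A-Za-z0-9._-]{16,}|(^|[^A-Za-z0-9])(sk-|ghp_|github_pat_)[A-Za-z0-9_-]{16,}'

# file_mode FILE -> permission bits as octal text, e.g. 600
file_mode() {
  if stat -c '%a' "$1" >/dev/null 2>&1; then
    stat -c '%a' "$1"      # GNU coreutils
  else
    stat -f '%Lp' "$1"     # BSD / macOS
  fi
}

# audit_memory_dir DIR
# Prints one "PERM ..." or "SECRET file:line:text" line per problem and
# returns 0 only when the directory is clean.
audit_memory_dir() {
  dir="$1"; problems=0
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    mode="$(file_mode "$f")"
    # Group/other bits must be zero: only the agent's own user may read.
    if [ "$mode" != "600" ] && [ "$mode" != "400" ]; then
      echo "PERM $f mode=$mode (expected 600)"
      problems=$((problems + 1))
    fi
    # -n reports line numbers so the reviewer can find and remove the value.
    hits="$(grep -nEi "$SECRET_RE" "$f" || true)"
    if [ -n "$hits" ]; then
      printf '%s\n' "$hits" | sed "s|^|SECRET $f:|"
      problems=$((problems + 1))
    fi
  done
  [ "$problems" -eq 0 ]
}

# Usage: audit_memory_dir /path/to/agent/memory
```

A SECRET hit should be fixed by moving the value into the credential store the agent already uses and leaving only a reference in the memory file; the audit is cheap enough to run from the same cron that rotates keys, which also gives you the regular review the recommendation asks for.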

Note: Medium Confidence
ASI10: Rogue Agents
What this means

Cron jobs can continue running after setup and may perform automated actions without a person actively watching each run.

Why it was flagged

The checklist contemplates scheduled background jobs as part of deployments.

Skill content
starter crons ... Tax calendar crons scheduled
Recommendation

Document all cron entries, run them under least-privilege accounts, log their activity, and disable any job that is not clearly needed.
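As an added example (not part of the scanned skill), the inventory the recommendation asks for can be generated from the crontab itself. The script below reads a system-format crontab (five schedule fields, a user, then the command, as in /etc/crontab or /etc/cron.d) and flags jobs that run as root or that discard their output instead of writing a log. The sample crontab in the usage is constructed; its job names are illustrative and not taken from the skill.

```bash
#!/usr/bin/env bash
# Added example (not part of the scanned skill): inventory a system crontab
# and flag jobs that run as root (ROOT) or keep no record of what they did
# (NOLOG). Per-user crontabs (crontab -l) lack the user column; prepend the
# user name to each line before feeding them in.
set -eu

# audit_crontab FILE
# Prints "FLAG<TAB>user<TAB>schedule<TAB>command" per job; returns 1 if any
# job is flagged, 0 if every job is OK.
audit_crontab() {
  awk '
    /^[[:space:]]*#/ { next }               # comment
    NF == 0 { next }                        # blank line
    /^[A-Za-z_][A-Za-z0-9_]*=/ { next }     # environment assignment
    {
      user = $6
      cmd = ""
      for (i = 7; i <= NF; i++) cmd = (i > 7) ? cmd " " $i : $i
      # "2>&1" and redirects to /dev/null do not keep a record; strip them
      # before deciding whether any real log redirection remains.
      logged = cmd
      gsub(/>&[0-9]+/, "", logged)
      gsub(/[0-9]*>>?[[:space:]]*\/dev\/null/, "", logged)
      flag = ""
      if (user == "root") flag = "ROOT"
      if (logged !~ />/ && logged !~ /logger/) {
        if (flag != "") flag = flag ","
        flag = flag "NOLOG"
      }
      if (flag == "") { flag = "OK" } else { bad++ }
      print flag "\t" user "\t" $1 " " $2 " " $3 " " $4 " " $5 "\t" cmd
    }
    END { exit (bad > 0 ? 1 : 0) }
  ' "$1"
}

# Usage: audit_crontab /etc/cron.d/agent
# On a constructed crontab such as
#   */15 * * * * agent /opt/agent/bin/heartbeat >> /var/log/agent/heartbeat.log 2>&1
#   0 8 1 * * root /opt/agent/bin/tax-calendar --notify >> /var/log/agent/tax.log 2>&1
#   30 2 * * * agent /opt/agent/bin/sync-quickbooks > /dev/null 2>&1
# the three jobs come out as OK, ROOT and NOLOG respectively.
```

The output doubles as the documentation the recommendation calls for: commit it next to the deployment, and treat any job that appears in the live crontab but not in the committed inventory as one to disable until someone claims it.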

What this means

Misconfigured MCP servers or overly broad credentials could expose client data or allow actions beyond the intended deployment scope.

Why it was flagged

MCP integrations connect the agent environment to external tools and data sources.

Skill content
MCP server credentials configured ... QuickBooks MCP server configured (read-only by default)
Recommendation

Use client-specific MCP credentials, confirm server identity and permissions, keep read-only defaults where possible, and audit tool access.