C.R.A.B Deploy Agent
ReviewAudited by ClawScan on May 10, 2026.
Overview
This looks like a real deployment helper, but it can publish code and apps to GitHub and Cloudflare with unclear file, account, and domain safeguards.
Review the script and run deployment steps manually. Before pushing or deploying, confirm the exact project directory, files to be committed, GitHub repo visibility/account, Cloudflare account, and domain. Avoid the default `sheraj.org` domain unless you know it is intended and controlled by you or your organization.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill could publish the wrong project, include unintended files, or deploy to the wrong target if invoked from the wrong context.
These are high-impact account and publishing actions. The artifacts do not clearly bound which local directory/files are pushed, repo visibility, target account, or whether the user sees a final preview before mutation.
`deploy-agent push my-app [repo-name]` Creates GitHub repo and pushes code. ... `deploy-agent deploy my-app [custom-domain]` Deploys to Cloudflare Pages.
Before using push or deploy, verify the working directory, git status, target GitHub account/repo visibility, Cloudflare account, and deployment domain. The skill should add explicit previews and confirmations before gh/wrangler mutations.
A user could unintentionally try to publish their app under a domain they do not control, or trust a default domain without understanding who owns it.
The default deployment domain is a specific external domain that is not explained as user-controlled or project-specific.
Deploys to Cloudflare Pages. Default domain: `{name}.sheraj.org`Use an explicitly user-owned domain or Cloudflare Pages default domain unless the user confirms that `sheraj.org` is intended and under their control.
Commands may act with whatever permissions your local GitHub and Cloudflare sessions have.
The skill relies on local Cloudflare credentials, and likely local GitHub CLI authentication, to perform deployment actions. This is expected for the purpose but sensitive.
Cloudflare token should be configured in `~/.wrangler.toml`
Use least-privilege Cloudflare tokens and verify `gh`/`wrangler` are authenticated to the intended accounts before running deployment commands.
The skill may fail or behave unexpectedly if jq/npm are missing or different from what the user expects.
The script uses jq and npm-related commands, while the registry requirements only list gh, wrangler, and git. This is a dependency declaration gap, not evidence of malicious behavior.
echo "$state" | jq -r ... npm list next ... npm list @cloudflare/next-on-pages
Confirm all required tools are installed and review the shell script before use, especially because there is no separate install spec.
Deployment metadata remains on disk after the session and could be reused by later commands.
Deployment status, repo URL, and domain are stored persistently across sessions. No token storage is shown.
State stored in: `~/.clawdbot/skills/deploy-agent/state/{deployment-name}.json`Use the cancel/cleanup flow when done and avoid putting secrets in deployment names or state fields.