ClawHub

Check Deployment Status

v1.0.0

Check deployment status of PRs and commits using continuous-deployment MCP and UCS deployer MCP. Use when user asks "is this deployed", "check deployment", "...

0· 88·0 current·0 all-time
byAjit Singh@ajitsingh25
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the actions in SKILL.md: it describes using code-mcp, continuous-deployment MCP, and UCS deployer MCP to locate merge commits and query deployment status. Nothing requested or described is unrelated to checking deployment status.
Instruction Scope
Instructions are focused on PR->merge-commit lookup and deployment-status calls (findServiceCommits, getCommitDeploymentStatus, etc.). They reference internal artifacts (gitolite@code.uber.internal:go-code) and hardcoded parameter examples (commited_after date). The SKILL.md assumes the agent can call internal MCP RPCs but does not show how to obtain or present any credentials for those calls.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk or downloaded during install.
Credentials
The skill declares no required environment variables or credentials, yet its workflow requires access to internal MCP services and an internal gitolite repo. That omission is likely an operational assumption (agent has built-in access), not malicious, but you should confirm what credentials/connections the agent will use when these RPCs run.
Persistence & Privilege
always:false and no special persistence or system-wide config modifications. The skill does not request elevated or permanent presence.
Assessment
This skill appears to do what it says: query internal continuous-deployment and UCS deployer MCPs to determine if a commit/PR is deployed. Before installing: 1) Confirm the agent runtime already has legitimate access to your internal MCP/gitolite services (service account or connector); the SKILL.md does not declare credentials. 2) Verify you trust the skill source (unknown homepage/author). 3) If you restrict autonomous skills, consider limiting or reviewing calls that query internal systems. 4) Note the skill references internal hosts (gitolite@code.uber.internal) and hardcoded query parameters — adapt those to your environment. If you need higher assurance, ask the publisher to document required credentials and network endpoints explicitly.

Like a lobster shell, security has layers — review code before you run it.

latestvk970z9yt1gp4w8r1v3s673z8vn83aa4v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments