Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawhub Skill Deploy Pilot

v1.0.0

Automates versioned Docker Compose and LXC deployments with health checks, blue-green updates, chat approvals, and automatic rollback for zero-downtime updates.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (Docker Compose + LXC deployments, health checks, blue-green, approvals) matches the included scripts, CLI, and declared permissions (docker, pvesh, ssh, net:http, file read/write in its workspace). The dependencies and features are proportional to the stated purpose.
Instruction Scope
SKILL.md and the Python script direct the agent/user to write config under ~/.openclaw/workspace/deploy-pilot and run the included deploy-pilot.py. Runtime behavior includes running docker/pvesh/ssh commands, performing HTTP/TCP/SSH checks, and executing pre/post hooks or arbitrary 'script' checks. These are expected for a deploy tool but mean the skill can execute arbitrary local and remote commands and initiate network traffic; the user should inspect hooks and any approval integration code before use.
Install Mechanism
There is no external download/install step — this is an instruction-and-code bundle. All code is included in the skill package (no remote extracts or unusual URLs), so nothing will be pulled from untrusted hosts during install.
Credentials
The skill does not request environment variables or credentials in metadata. It requires system tools (docker, ssh, pvesh) that are reasonable for the functionality. Chat approval integration references the platform's message tool but does not request external tokens in the skill manifest; that integration will depend on the user's OpenClaw messaging configuration.
Persistence & Privilege
always:false (not forced), and the skill only writes to its own workspace (~/.openclaw/workspace/deploy-pilot). Declared permissions to run docker/pvesh/ssh and network access are appropriate for a deployment orchestrator. The skill does not request system-wide configuration changes or other skills' credentials.
Assessment
This appears to be a legitimate deployment tool, but it performs privileged actions (runs docker/pvesh/ssh, executes hooks/scripts, and sends network requests). Before installing: (1) review deploy-pilot.py for any code paths that send sensitive data externally (especially approval/notification code), (2) inspect any pre/post hooks or default hook locations so they cannot run untrusted code, (3) verify how the WhatsApp/Telegram approval integration is implemented and that you control the messaging configuration, (4) run the provided smoke tests in an isolated environment (or sandbox) first, and (5) ensure SSH keys and Proxmox credentials used by the tool are narrowly scoped. The skill's source/homepage is listed as unknown while skill.json references a GitHub repo; consider confirming the origin before production use.

Like a lobster shell, security has layers — review code before you run it.
