ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Deploy

v1.2.1

一键打包和部署 OpenClaw 环境到任意服务器。自动移除敏感信息、支持本地/远程/批量部署、冲突处理、SHA256 完整性校验、详细日志与故障排查指南。适用于 OpenClaw 环境迁移、批量部署、团队标准化。

0· 107·0 current·0 all-time
byMicRabbit@lyx058019

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lyx058019/lyx-openclaw-deploy.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Openclaw Deploy" (lyx058019/lyx-openclaw-deploy) from ClawHub.
Skill page: https://clawhub.ai/lyx058019/lyx-openclaw-deploy
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: bash, tar, ssh
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install lyx-openclaw-deploy

ClawHub CLI

Package manager switcher

npx clawhub@latest install lyx-openclaw-deploy
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (one‑click package & deploy) align with required binaries (bash/tar/ssh) and the provided scripts (build/, deploy/, batch/). The repo clone URL and included scripts correspond to deployment functionality.
!
Instruction Scope
The SKILL.md and scripts will read from the user's HOME (~/.openclaw), copying workspace, memory, and skills into the package. The code only sanitizes a limited set of keys in openclaw.json; other files (workspace files, memory directory, skill code, .env files, or any other artifacts) are copied without broad scrubbing. That contradicts the SKILL.md claim of '自动移除敏感信息' (automatic removal of sensitive info) and could lead to unintended disclosure if the package is shared or uploaded.
Install Mechanism
No unusual install mechanism in registry metadata; SKILL.md's metadata instructs cloning from a GitHub repository (a common release host). The scripts do invoke standard external installers (e.g., get.docker.com) and use curl to fetch remote installers, which is expected for an automated deploy tool but is a standard-risk action that should be reviewed before running.
!
Credentials
The skill declares no required env vars, but scripts will read local paths (~/.openclaw, SSH keys referenced by inventory, $HOME/.ssh/known_hosts) and will use optional env (DEPLOY_URL) if present. Packaging and deployment actions access many user-local artifacts (workspace, memory, skills) that may contain credentials or PII; requiring no explicit credential inputs makes it easy to accidentally package and exfiltrate sensitive data. The sanitization scope is narrow (only specific keys in openclaw.json).
Persistence & Privilege
The skill does not request always:true, does not modify other skills' configs, and its install is instruction-only/clone-based. It will create or overwrite ~/.openclaw when installing packages, which is consistent with its function but should be noted by the user.
What to consider before installing
This skill appears to be a legitimate deploy/pack tool, but be cautious: it reads and packages files from ~/.openclaw (workspace, memory, skills) and only sanitizes a narrow set of keys in openclaw.json. Before installing or running: (1) inspect the cloned repository (https://github.com/lyx058019/openclaw-deploy) yourself; (2) run the scripts in a disposable VM or container first; (3) review what will be included in a package (check the TEMP_DIR contents or run in dry-run/test mode); (4) ensure sensitive files (secrets, .env, memory, skills with embedded tokens) are removed or excluded prior to packaging or use the custom builder --no-workspace/--no-skills options; (5) verify SHA256 files before trusting downloaded packages and prefer local packages you built yourself; (6) be aware the scripts may call external installers (get.docker.com) and will perform remote SSH operations if used with inventory — verify inventory and SSH behavior carefully. If you need the claimed 'automatic sensitive removal' guarantee, ask the maintainer for exact sanitization rules or extend the scripts to scrub additional file types before use.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsbash, tar, ssh
latestvk9791vyx5b9vpmzwdje6nhtzeh83dqfk
107downloads
0stars
3versions
Updated 1mo ago
v1.2.1
MIT-0
MicRabbit@lyx058019
latest
Download

OpenClaw Deploy - 一键打包部署

功能

  1. 打包配置:基础 / 完整 / 自定义打包,自动移除敏感信息
  2. 镜像管理:查看信息、SHA256 校验、版本管理
  3. 本地部署:一键还原部署、环境预检、4种冲突处理策略
  4. 远程部署:SSH 远程单台部署
  5. 批量部署:多主机并行部署,支持主机清单(V1.2 新增)
  6. 运维辅助:详细日志、故障排查指南(V1.2 新增)

快速开始

git clone https://github.com/lyx058019/openclaw-deploy.git
cd openclaw-deploy

# 打包
./build/full/full_builder.sh --output ./openclaw.tar.gz

# 本地部署
./build/full/full_builder.sh --package ./openclaw.tar.gz --install-dir ~/.openclaw

# 批量部署(多主机)
./deploy/batch/batch_deploy.sh \
  --inventory ./config/inventory.example.ini \
  --package ./openclaw.tar.gz \
  --parallel 4

批量部署示例

复制主机清单模板:

cp config/inventory.example.ini config/inventory.ini
# 编辑 inventory.ini 填入真实主机信息

清单格式(Ansible 兼容):

[production]
web01 ansible_host=192.168.1.101 ansible_user=ubuntu
web02 ansible_host=192.168.1.102 ansible_user=ubuntu

[staging]
stage01 ansible_host=192.168.1.201 ansible_user=root

执行批量部署:

./deploy/batch/batch_deploy.sh \
  --inventory config/inventory.ini \
  --package ./openclaw.tar.gz \
  --parallel 8 \
  --mode backup

服务器要求

项目最低要求
系统Ubuntu 20.04+ / CentOS 7+ / macOS
Docker20.10+
内存≥ 4GB
CPU≥ 2 核

安全说明

  • ✅ 导出时自动移除敏感信息(apiKey、token 等)
  • ✅ SHA256 完整性校验
  • ✅ SSH 加密传输
  • ⚠️ 部署后手动填入 API Keys

Comments

Loading comments...