Skylv Deployment Automation
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This deployment skill describes production-changing actions and an unspecified deploy.js runner, so users should review and control it carefully before use.
Treat this as a high-impact deployment reference, not a safe automated deployer by default. Confirm the exact deploy.js implementation, run only from a trusted repository, use least-privilege credentials, and require explicit human approval before any production deploy, promotion, traffic shift, or rollback.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed too freely, the agent could promote or change a production deployment before the user has reviewed the exact target and impact.
This is a high-impact production promotion command that includes an approval flag, but the skill does not state that the agent must get explicit user confirmation or validate the target before running it.
node deploy.js promote --from staging --to production --approve
Only use this skill with explicit per-deployment approval, known targets, dry-run or diff review, and least-privilege deployment credentials.
The agent may try to run an unknown local deployment script, which could perform actions outside what this skill document describes.
The skill depends on a local deploy.js runner, but the provided artifacts include no code file or install spec for that runner, making the executor's provenance and behavior unreviewed.
node deploy.js deploy --strategy canary --service api --canary-percent 10
Before use, verify the exact deploy.js file, its source, permissions, and expected behavior; do not run it from an untrusted workspace.
Using this skill in a privileged deployment environment could let the agent affect production systems.
Production deployment and promotion normally require privileged access, although the skill does not declare any credential handling.
Multi-env — Dev → staging → production promotion
Use narrowly scoped deployment credentials and require human approval for production changes.
