PropAI Sync
v2026.2.28
Maintain and operate the PropAI Sync monorepo, including hosted-platform BYOK API validation and Railway deployment checks. Use when working in propai-sync t...
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise (repo maintenance, hosted smoke checks, Railway validation) matches the included SKILL.md and the hosted-smoke.mjs script, which runs a local gateway, validates /api/health, /api/auth/bootstrap, and /api/users/me. No unrelated services or credentials are requested.
Instruction Scope
Instructions are scoped to repo-local operations (git checks, pnpm build, running the provided smoke script, Railway CLI auth/deploy, and publishing via clawhub). The smoke script runs a local Node gateway, writes logs under .tmp-job-logs and mkdtemp state, calls only local endpoints (127.0.0.1), and prints a JSON summary (including only an api key prefix, not the full key). Be aware the script will create files in the repo and spawn a child Node process (dist/index.js) — you should only run it against trusted code.
Install Mechanism
No install spec; this is instruction-only with one included script. Nothing is downloaded or executed from remote URLs by the skill itself.
Credentials
The skill declares no required env vars or credentials. The smoke script reads an optional PROPAI_SYNC_SMOKE_PORT and sets repository-local PROPAICLAW_* variables for the spawned gateway process; these are internal and proportional to running a local smoke test.
Persistence & Privilege
always is false and the skill does not request persistent or platform-level privileges. It writes temporary logs and the SKILL.md asks to update HANDOFF.md (normal for handoff workflows), but it does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says: run local smoke tests and help validate Railway deployments. Before running: (1) ensure you trust the repository contents (the script executes dist/index.js from the repo); (2) expect it to create .tmp-job-logs and temporary state directories and to suggest editing HANDOFF.md; (3) the Railway step (npx @railway/cli login) will open an auth flow to Railway and requires your Railway credentials — be cautious about sharing those; (4) the smoke script obtains an API key via a local bootstrap endpoint but only prints a prefix (it does not exfiltrate the full key); (5) run these checks in a safe/test environment because the script sets PROPAI_HOSTED_ALLOW_INSECURE_BOOTSTRAP=1 for convenience. If you need higher assurance, review the repo's dist/index.js (the gateway binary the script executes) before running.
Like a lobster shell, security has layers — review code before you run it.
latest
PropAI Sync
Run all commands from the repo root.
Execute Core Workflow
- Inspect scope with `git status --short` and `git diff --name-only`.
- Run focused quality checks for touched files.
- Run `pnpm build` before any deploy or handoff.
- Run hosted smoke with:
node skills/propai-sync/scripts/hosted-smoke.mjs
- Record executed commands and outcomes in `HANDOFF.md`.
Enforce Hosted Smoke Contract
- Verify `health_ok` is `true`.
- Verify bootstrap succeeds and returns an API key.
- Verify `/api/users/me` succeeds with that API key.
- Treat any non-2xx response as a failing gate.
Run Railway E2E Validation
- Authenticate Railway CLI:
  - `npx @railway/cli login`
  - `npx @railway/cli status`
- Deploy from the current branch.
- Validate live endpoints in this order:
  1. `GET /api/health`
  2. `POST /api/auth/bootstrap`
  3. `GET /api/users/me` with `X-API-Key` from bootstrap
- Log live URL, UTC timestamp, and endpoint results in `HANDOFF.md`.
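An added example, not part of the PropAI Sync repo or its hosted-smoke.mjs: one way to apply the gate rules above (endpoint order, non-2xx fails, bootstrap must return a key) to recorded results and produce a HANDOFF.md entry that holds only a key prefix. The input record shape, the `apiKey` response field, the output field names other than `health_ok`, and the function name are assumptions.

```javascript
// Added example: gate evaluation over recorded endpoint results.
// Assumed input shape (hypothetical): [{ method, path, status, body }, ...]
// Assumed bootstrap response field (hypothetical): body.apiKey
const REQUIRED_ORDER = [
  "GET /api/health",
  "POST /api/auth/bootstrap",
  "GET /api/users/me",
];
const is2xx = (status) => Number.isInteger(status) && status >= 200 && status <= 299;

function evaluateGate(results, liveUrl, now = new Date()) {
  const failures = [];
  const seen = results.map((r) => `${r.method} ${r.path}`);
  // The page requires this exact order; a missing or reordered call fails.
  REQUIRED_ORDER.forEach((step, i) => {
    if (seen[i] !== step) failures.push(`step ${i + 1}: expected ${step}, got ${seen[i] ?? "nothing"}`);
  });
  // Any non-2xx response is a failing gate.
  results.forEach((r) => {
    if (!is2xx(r.status)) failures.push(`${r.method} ${r.path}: status ${r.status}`);
  });
  // Bootstrap must return an API key, not just a 2xx.
  const bootstrap = results.find((r) => r.path === "/api/auth/bootstrap");
  const key = bootstrap && bootstrap.body ? bootstrap.body.apiKey : undefined;
  if (typeof key !== "string" || key.length === 0) failures.push("bootstrap returned no API key");
  const health = results.find((r) => r.path === "/api/health");
  return {
    live_url: liveUrl,
    utc_timestamp: now.toISOString(),
    health_ok: Boolean(health && is2xx(health.status)),
    // Record only a short prefix so HANDOFF.md never holds the full key.
    api_key_prefix: typeof key === "string" && key.length > 0 ? `${key.slice(0, 6)}...` : null,
    endpoints: results.map((r) => ({ call: `${r.method} ${r.path}`, status: r.status })),
    passed: failures.length === 0,
    failures,
  };
}

// Constructed sample results (not real output from any deployment).
const sample = [
  { method: "GET", path: "/api/health", status: 200, body: {} },
  { method: "POST", path: "/api/auth/bootstrap", status: 200, body: { apiKey: "sk_constructed_0123456789" } },
  { method: "GET", path: "/api/users/me", status: 401, body: {} },
];
console.log(JSON.stringify(evaluateGate(sample, "https://example.invalid"), null, 2));
```
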
Publish To ClawHub
- Bump version and changelog summary for the skill update.
- Publish:
clawhub publish skills/propai-sync --slug propai-sync --name "PropAI Sync" --version <semver> --tags latest --changelog "<summary>"
