Production Readiness
v1.0.0Meta-skill that orchestrates logging, monitoring, error handling, performance, security, deployment, and testing skills to ensure a service is fully production-ready before launch. Use before first deploy, major releases, quarterly reviews, or after incidents.
⭐ 0· 848·1 current·1 all-time
by@wpank
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description describe an orchestration/meta-skill. The skill is instruction-only, requests no binaries, env vars, or config paths — which is proportionate for a coordinator that defers work to specialized skills.
Instruction Scope
Runtime instructions explicitly tell the agent to "read the target skill first, follow its instructions, then return results" for many named skills/agents. That is expected for a meta-skill, but it grants this skill an implicit ability to invoke arbitrary logic from those other skills. The SKILL.md does not constrain or validate what delegated skills may do (network calls, credential access, file reads/writes), so the effective runtime scope depends entirely on the referenced skills.
Install Mechanism
There is no install spec in the registry entry (instruction-only), which is low-risk. README contains example npx commands and a GitHub tree URL, but the skill's source/homepage are unknown; those install suggestions point to an external repo (unverified). Lack of provenance is a caution: follow-up installs could pull code from untrusted locations.
Credentials
This skill declares no required environment variables or credentials, which is appropriate. However, because it delegates to many other skills, those downstream skills may require credentials or secrets; the meta-skill does not enumerate or warn about them.
Persistence & Privilege
always:false and default model-invocation are benign. The skill does not request persistent presence or changes to other skills' configs. The main risk is that autonomous invocation will allow the agent to call delegated skills (normal behavior), increasing blast radius if those skills are untrusted.
What to consider before installing
This meta-skill itself is plausible and light-weight, but it works by reading and executing instructions from many other skills/agents. Before installing: 1) Verify provenance — prefer a published repo/homepage and a maintainer you trust; the package metadata here has no homepage and source is unknown. 2) Inspect every referenced skill/agent (logging-observability, security-review, docker-expert, testing-workflow, performance-agent, deployment-agent, etc.) — review their SKILL.md, README, and any code for required env vars, network endpoints, or install scripts. 3) Be cautious about credentials: do not provide AWS/ Vault/ database secrets or CI tokens unless you’ve reviewed the downstream skill that needs them. 4) If possible, run the orchestration in a sandbox or with the agent limited to user-invoked mode until you confirm behavior. 5) Treat any install commands that pull from arbitrary GitHub URLs or run npx against unknown packages as higher risk — prefer vetted sources or local inspection before installing. Reviewing the referenced skills is the critical step to assess actual risk.Like a lobster shell, security has layers — review code before you run it.
latestvk979r8rchfx7h0vjf1pmrzw32x80wkc3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.