Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Deployment Kit

A production deployment kit that provides Docker and GitHub Actions based multi-stage builds, a CI/CD pipeline, and health checks.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Files (docker-compose, deploy manager, health check, CI/CD mention) align with a deployment kit. However, the 'Notes' (注意事项) section of SKILL.md asks to set OPENAI_API_KEY (and 'other environment variables') even though the codebase does not consume OpenAI credentials; this is an unexplained mismatch.
Instruction Scope
Runtime instructions focus on building/running Docker and running the local health-check script (good), but examples in SKILL.md reference importing runHealthChecks from scripts/health-check.js although the script does not export that function. SKILL.md also asks user to set OPENAI_API_KEY (sensitive) without showing any runtime step that uses it. Some commands and examples are inconsistent (path and export mismatches), giving the agent or user too much ambiguous discretion.
Install Mechanism
No install spec (instruction-only) and all code is included in the bundle. Nothing is downloaded from external URLs during install, so install risk is low.
Credentials
Manifest declares no required env vars, but SKILL.md instructs to configure OPENAI_API_KEY and 'other environment variables' (等环境变量) on first run. Requesting an API key for an unrelated provider (OpenAI) is disproportionate and is not justified by the provided source code.
Persistence & Privilege
Skill is not always-enabled and does not request elevated or persistent platform-wide privileges. It does execute local shell commands (docker, netstat) which is expected for a deployment tool.
What to consider before installing
This skill largely behaves like a local Docker/CICD deployment helper, but there are several red flags to consider before installing or running it:

  1. SKILL.md asks you to configure OPENAI_API_KEY (and 'other env vars') even though the included code does not use OpenAI — do not supply any secret keys until the author explains why they're needed.
  2. The code runs shell commands (docker build/run, netstat, docker logs). That means running this skill will execute commands on your machine — ensure Docker is installed and run it in an isolated/test environment first.
  3. The health-check example in the docs mismatches the script (it does not export runHealthChecks) and some commands include Windows-specific syntax (findstr, 2>nul) while other parts target Linux containers — expect cross-platform inconsistencies.
  4. The docker-compose mounts a local ./config directory into the container as read-only — review that directory to ensure it does not contain secrets you'll inadvertently expose to containers.
  5. If you plan to use this in production, ask the author to clarify why OpenAI credentials are mentioned, request a corrected SKILL.md that matches code exports, and audit the code (especially any shell exec invocations) before providing credentials or running on sensitive hosts.
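The first consideration above, a documented secret that the bundled code never reads, can be checked mechanically before any key is supplied. The JavaScript below is an added example, not part of the skill or of the scanner; the function name `auditDocumentedEnv`, the regexes and the sample doc/source strings are constructed assumptions.

```javascript
'use strict';
// Added example: lists env vars that the docs ask for but the code never reads.

// Heuristic: documented env vars look like UPPER_SNAKE names
// (single-word names such as TZ are not picked up from prose).
const DOC_NAME = /\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+\b/g;

// Ways Node code or a compose file reads or sets a variable.
const CONSUMERS = [
  /process\.env\.([A-Za-z_][A-Za-z0-9_]*)/g,   // process.env.NAME
  /process\.env\[['"]([^'"]+)['"]\]/g,         // process.env['NAME']
  /\$\{([A-Z_][A-Z0-9_]*)/g,                   // ${NAME} interpolation
  /^\s*-\s*([A-Z_][A-Z0-9_]*)=/gm,             // compose "- NAME=value"
];
const SECRET_HINT = /(KEY|TOKEN|SECRET|PASSWORD)/;

function collect(text, regexes) {
  const names = new Set();
  for (const re of regexes) {
    for (const m of text.matchAll(re)) names.add(m[1] ?? m[0]);
  }
  return names;
}

// declaredEnv: env var names the manifest declares as required.
function auditDocumentedEnv(docText, sourceTexts, declaredEnv) {
  const documented = collect(docText, [DOC_NAME]);
  const consumed = collect(sourceTexts.join('\n'), CONSUMERS);
  const declared = new Set(declaredEnv);
  return [...documented]
    .filter((name) => !consumed.has(name))
    .sort()
    .map((name) => ({
      name,
      declared: declared.has(name),
      secretLike: SECRET_HINT.test(name),
    }));
}

// Constructed sample inputs (not the skill's real files).
const SAMPLE_DOC = [
  'First run: configure OPENAI_API_KEY and other environment variables',
  'NODE_ENV: runtime environment, default production',
  'OPENCLAW_CONFIG: config file path, default /app/config/openclaw.json',
].join('\n');
const SAMPLE_SOURCES = [
  "const cfg = process.env.OPENCLAW_CONFIG || '/app/config/openclaw.json';",
  'environment:\n  - NODE_ENV=production\n  - TZ=Asia/Shanghai',
];
console.log(auditDocumentedEnv(SAMPLE_DOC, SAMPLE_SOURCES, []));
```

A finding with `secretLike: true` and `declared: false` is the combination the scan describes: a credential requested in documentation with no declared need and no consumer in the code.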

Like a lobster shell, security has layers — review code before you run it.

Current version: v0.1.0

SKILL.md

Deployment Kit Skill

version: 0.1.0

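OpenClaw production deployment kit - Docker + CI/CD + health checks

Features

  • Docker containerization: multi-stage build, optimized image size
  • Docker Compose: start the full service stack with one command
  • CI/CD pipeline: GitHub Actions for automated build, test, and deployment
  • Health checks: gateway, disk, memory, and log monitoring
  • Security scanning: Trivy vulnerability scanning

Quick start

1. Docker deployment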

cd skills/deployment-kit

# Build the image
npm run docker:build

# Run the container
npm run docker:run

# View logs
docker logs -f openclaw

2. Docker Compose deployment

cd docker

# Start all services
docker-compose up -d

# Check status
docker-compose ps

# View logs
docker-compose logs -f openclaw

3. Health checks

# Local check
npm run health:check

# Or run the script directly
node scripts/health-check.js

Directory structure

deployment-kit/
├── docker/
│   ├── Dockerfile          # Multi-stage build
│   └── docker-compose.yml  # Full service stack
├── .github/workflows/
│   └── ci-cd.yml          # GitHub Actions
├── scripts/
│   └── health-check.js    # Health checks
└── package.json

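CI/CD pipeline

Workflow stages

  1. Lint: code style checks
  2. Test: tests across multiple Node.js versions
  3. Build: build the Docker image
  4. Security: Trivy security scan
  5. Deploy: automatic deployment to staging/production

Triggers

  • Push to develop: deploy to the test environment
  • Push to main: deploy to the production environment
  • Release published: build the versioned image

Health checks

Check items

| Check | Description | Threshold |
|---|---|---|
| Gateway | Gateway HTTP response | 200 OK |
| Disk Space | Disk usage | Warning: 80%, Critical: 90% |
| Memory | Memory usage | Warning: 80%, Critical: 90% |
| Logs | Recent error count | Warning: >10 errors |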

Usage example

import { runHealthChecks } from './scripts/health-check.js';

const result = await runHealthChecks();
console.log(result);
// {
//   gateway: { status: 'ok' },
//   disk: { status: 'ok', usage: '45%' },
//   memory: { status: 'ok', usage: '60%' },
//   logs: { status: 'ok', recentErrors: 0 }
// }

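Docker image

Build parameters

# Base image
FROM node:20-alpine

# Non-root user
USER openclaw

# Health check
HEALTHCHECK --interval=30s --timeout=3s \
  CMD curl -f http://localhost:18789/health || exit 1

Image features

  • ✅ Multi-stage build (optimized size)
  • ✅ Runs as a non-root user (security)
  • ✅ Timezone set (Asia/Shanghai)
  • ✅ Health check (automatic restart)
  • ✅ Data persistence (Volumes)

Configuration

Environment variables

| Variable | Description | Default |
|---|---|---|
| NODE_ENV | Runtime environment | production |
| TZ | Timezone | Asia/Shanghai |
| OPENCLAW_CONFIG | Config file path | /app/config/openclaw.json |

Port mapping

| Port | Service | Description |
|---|---|---|
| 18789 | OpenClaw Gateway | Main service port |
| 9090 | Prometheus | Monitoring (optional) |
| 3100 | Loki | Logs (optional) |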

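Monitoring (optional)

Prometheus + Grafana

# Already included in docker-compose.yml
services:
  prometheus:
    image: prom/prometheus:latest
    ports:
      - "9090:9090"

  grafana:
    image: grafana/grafana:latest
    ports:
      - "3000:3000"

Notes

  1. First run: OPENAI_API_KEY and other environment variables must be configured
  2. Data persistence: use Docker Volumes to store data
  3. Log management: clean up log files regularly to avoid filling the disk
  4. Security: use HTTPS in production and configure a firewall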

License

MIT
