Deployment Kit
Review
Audited by ClawScan on May 10, 2026.
Overview
This is mostly a normal Docker deployment helper, but it uses unsafely constructed shell commands and starts persistent network services, so it should be reviewed before use.
Only install or run this on a machine where you are comfortable granting Docker control. Review and pin the Docker assets, secure or disable Prometheus/Loki exposure, and avoid passing untrusted names or values into the deployment manager until the shell-command construction is fixed.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent or user passes an unsafe value into the deployment configuration, shell metacharacters could trigger unintended local commands or Docker operations.
The code uses child_process.exec, which runs through a shell, and interpolates configurable values such as imageName, containerName, port, and log line counts without validation or escaping.
const execAsync = promisify(exec);
...
`docker build -t ${this.config.imageName}:latest .`
Use execFile/spawn with argument arrays, strictly validate Docker names and numeric fields, and require explicit user confirmation before running deployment commands.
A mistaken or manipulated container name could stop or remove a Docker container the user did not intend to replace.
runContainer stops and removes a container based only on the configurable containerName before launching a new one, with no approval gate or scope check shown in the artifact.
await execAsync(`docker stop ${this.config.containerName} 2>nul || true`);
await execAsync(`docker rm ${this.config.containerName} 2>nul || true`);
Limit operations to a clearly owned container name, add dry-run/confirmation behavior, and document how to recover or undo container replacement.
Metrics or log endpoints may be reachable from outside the machine depending on Docker and firewall settings.
The compose file publishes Prometheus and Loki monitoring/logging services to host ports. This is purpose-aligned but can expose operational data if run on a reachable host.
ports:
- "9090:9090"
...
ports:
- "3100:3100"
Bind monitoring ports to localhost, use Docker Compose profiles for optional services, and add authentication or firewall rules in production.
The deployment instructions may fail or rely on files not included in the reviewed package.
The documentation references a Dockerfile and GitHub Actions workflow, but those files are not present in the supplied file manifest, so the advertised build/CI/security-scan behavior cannot be verified from these artifacts.
├── Dockerfile # multi-stage build
└── ci-cd.yml # GitHub Actions
Ship the referenced Dockerfile and workflow files, or update the documentation to match the actual package contents.
Containers and stored data may continue using resources and exposing ports until explicitly stopped and removed.
The compose configuration creates persistent volumes and long-running services that restart unless stopped. This is normal for deployment, but it means the skill's effects can persist after the initial command.
restart: unless-stopped
...
volumes:
  openclaw-data:
  openclaw-logs:
  prometheus-data:
  loki-data:
Run only when you intend to create persistent services, and document cleanup commands such as docker-compose down and volume removal.
Users may need to provide API keys to the deployed OpenClaw service and should understand where those keys are stored or passed.
The documentation says provider credentials may be needed, while the registry metadata declares no required environment variables. The artifacts do not show credential leakage, but credential setup is under-declared.
First run: environment variables such as OPENAI_API_KEY must be configured
Declare required or optional environment variables in metadata and advise users to use least-privilege keys and secret-management practices.
