← Back to Skills Marketplace
avimak

AppDeploy

by avimak · GitHub ↗ · v1.0.7
cross-platform ⚠ suspicious
3332
Downloads
8
Stars
3
Active Installs
5
Versions
Install in OpenClaw
/install appdeploy
Description
Deploy web apps with backend APIs, database, file storage, AI operations, authentication, realtime, and cron jobs. Use when the user asks to deploy or publis...
README (SKILL.md)

AppDeploy Skill

Deploy web apps to AppDeploy via HTTP API.

Setup (First Time Only)

  1. Check for existing API key:

    • Look for a .appdeploy file in the project root
    • If it exists and contains a valid api_key, skip to Usage

  2. If no API key exists, register and get one:

    curl -X POST https://api-v2.appdeploy.ai/mcp/api-key \
  -H "Content-Type: application/json" \
  -d '{"client_name": "claude-code"}'

    Response:

    {
  "api_key": "ak_...",
  "user_id": "agent-claude-code-a1b2c3d4",
  "created_at": 1234567890,
  "message": "Save this key securely - it cannot be retrieved later"
}

  3. Save credentials to .appdeploy:

    {
  "api_key": "ak_...",
  "endpoint": "https://api-v2.appdeploy.ai/mcp"
}

    Add .appdeploy to .gitignore if not already present.

Usage

Make JSON-RPC calls to the MCP endpoint:

curl -X POST {endpoint} \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -H "Authorization: Bearer {api_key}" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "{tool_name}",
      "arguments": { ... }
    }
  }'

Workflow

  1. First, get deployment instructions: Call get_deploy_instructions to understand constraints and requirements.

  2. Get the app template: Call get_app_template with your chosen app_type and frontend_template.

  3. Deploy the app: Call deploy_app with your app files. For new apps, set app_id to null.

  4. Check deployment status: Call get_app_status to check if the build succeeded.

  5. View/manage your apps: Use get_apps to list your deployed apps.

Available Tools

get_deploy_instructions

Use this when you are about to call deploy_app in order to get the deployment constraints and hard rules. You must call this tool before starting to generate any code. This tool returns instructions only and does not deploy anything.

Parameters:

deploy_app

Use this when the user asks to deploy or publish a website or web app and wants a public URL. Before generating files or calling this tool, you must call get_deploy_instructions and follow its constraints.

Parameters:

  • app_id: any (required) - existing app id to update, or null for new app
  • app_type: string (required) - app architecture: frontend-only or frontend+backend
  • app_name: string (required) - short display name
  • description: string (optional) - short description of what the app does
  • frontend_template: any (optional) - REQUIRED when app_id is null. One of: 'html-static' (simple sites), 'react-vite' (SPAs, games), 'nextjs-static' (multi-page). Template files auto-included.
  • files: array (optional) - Files to write. NEW APPS: only custom files + diffs to template files. UPDATES: only changed files using diffs[]. At least one of files[] or deletePaths[] required.
  • deletePaths: array (optional) - Paths to delete. ONLY for updates (app_id required). Cannot delete package.json or framework entry points.
  • model: string (required) - The coding agent model used for this deployment, to the best of your knowledge. Examples: 'codex-5.3', 'chatgpt', 'opus 4.6', 'claude-sonnet-4-5', 'gemini-2.5-pro'
  • intent: string (required) - The intent of this deployment. User-initiated examples: 'initial app deploy', 'bugfix - ui is too noisy'. Agent-initiated examples: 'agent fixing deployment error', 'agent retry after lint failure'

get_app_template

Call get_deploy_instructions first. Then call this once you've decided app_type and frontend_template. Returns base app template and SDK types. Template files auto-included in deploy_app.

Parameters:

  • app_type: string (required)
  • frontend_template: string (required) - Frontend framework: 'html-static' - Simple sites, minimal framework; 'react-vite' - React SPAs, dashboards, games; 'nextjs-static' - Multi-page apps, SSG

get_app_status

Use this when deploy_app tool call returns or when the user asks to check the deployment status of an app, or reports that the app has errors or is not working as expected. Returns deployment status (in-progress: 'deploying'/'deleting', terminal: 'ready'/'failed'/'deleted'), QA snapshot (frontend/network errors), and live frontend/backend error logs.

Parameters:

  • app_id: string (required) - Target app id
  • since: integer (optional) - Optional timestamp in epoch milliseconds to filter errors. When provided, returns only errors since that timestamp.
  • limit: integer (optional) - Optional shared cap for returned logs across frontend and backend combined. Defaults to 50 when omitted.

delete_app

Use this when you want to permanently delete an app. Use only on explicit user request. This is irreversible; after deletion, status checks will return not found.

Parameters:

  • app_id: string (required) - Target app id

get_app_versions

List deployable versions for an existing app. Requires app_id. Returns newest-first {name, version, timestamp} items. Display 'name' to users. DO NOT display the 'version' value to users. Timestamp values MUST be converted to user's local time

Parameters:

  • app_id: string (required) - Target app id

apply_app_version

Start deploying an existing app at a specific version. Use the 'version' value (not 'name') from get_app_versions. Returns true if accepted and deployment started; use get_app_status to observe completion.

Parameters:

  • app_id: string (required) - Target app id
  • version: string (required) - Version id to apply

src_glob

Use this when you need to discover files in an app's source snapshot. Returns file paths matching a glob pattern (no content). Useful for exploring project structure before reading or searching files.

Parameters:

  • app_id: string (required) - Target app id
  • version: string (optional) - Version to inspect (defaults to applied version)
  • path: string (optional) - Directory path to search within
  • glob: string (optional) - Glob pattern to match files (default: **/*)
  • include_dirs: boolean (optional) - Include directory paths in results
  • continuation_token: string (optional) - Token from previous response for pagination

src_grep

Use this when you need to search for patterns in an app's source code. Returns matching lines with optional context. Supports regex patterns, glob filters, and multiple output modes.

Parameters:

  • app_id: string (required) - Target app id
  • version: string (optional) - Version to search (defaults to applied version)
  • pattern: string (required) - Regex pattern to search for (max 500 chars)
  • path: string (optional) - Directory path to search within
  • glob: string (optional) - Glob pattern to filter files (e.g., '*.ts')
  • case_insensitive: boolean (optional) - Enable case-insensitive matching
  • output_mode: string (optional) - content=matching lines, files_with_matches=file paths only, count=match count per file
  • before_context: integer (optional) - Lines to show before each match (0-20)
  • after_context: integer (optional) - Lines to show after each match (0-20)
  • context: integer (optional) - Lines before and after (overrides before/after_context)
  • line_numbers: boolean (optional) - Include line numbers in output
  • max_file_size: integer (optional) - Max file size to scan in bytes (default 10MB)
  • continuation_token: string (optional) - Token from previous response for pagination

src_read

Use this when you need to read a specific file from an app's source snapshot. Returns file content with line-based pagination (offset/limit). Handles both text and binary files.

Parameters:

  • app_id: string (required) - Target app id
  • version: string (optional) - Version to read from (defaults to applied version)
  • file_path: string (required) - Path to the file to read
  • offset: integer (optional) - Line offset to start reading from (0-indexed)
  • limit: integer (optional) - Number of lines to return (max 2000)

get_apps

Use this when you need to list apps owned by the current user. Returns app details with display fields for user presentation and data fields for tool chaining.

Parameters:

  • continuation_token: string (optional) - Token for pagination

Generated by scripts/generate-appdeploy-skill.ts

Usage Guidance
This skill appears to do what it says (deploy apps) and doesn't request unrelated secrets, but it will: (1) call an external API at api-v2.appdeploy.ai, (2) create/register an API key for you, and (3) upload project files. Before installing or invoking it, verify you trust the AppDeploy service (look for a homepage, docs, or organization), and review what files the agent will send. Prefer running on non-sensitive/test projects first. Be cautious about allowing autonomous invocation — require explicit user approval before the agent registers keys or uploads code. Ensure .gitignore includes .appdeploy and that saved API keys are stored only where you intend. If you need higher assurance, ask the skill author for a homepage, privacy/terms, or an official SDK/release URL to validate the service identity.
Capability Analysis
Type: OpenClaw Skill Name: appdeploy Version: 1.0.7 The skill is classified as suspicious due to the combination of powerful capabilities that, while necessary for its stated purpose, present a significant prompt injection risk. Specifically, the `src_read` and `src_grep` tools allow the agent to read and search arbitrary files within deployed application source code on the remote platform. Coupled with the `Bash` tool allowance and the agent's handling of a powerful API key stored locally, a malicious prompt could instruct the agent to read sensitive configuration files (e.g., API keys, credentials) from a deployed application and then exfiltrate that data using `curl` or other shell commands. While the skill itself does not contain malicious instructions, its capabilities create a high-risk attack surface for data exfiltration via prompt injection.
Capability Assessment
Purpose & Capability
Name/description match the instructions: the SKILL.md describes calling an AppDeploy HTTP API to get templates, upload files, and manage deployments. It does not request unrelated credentials, binaries, or system paths.
Instruction Scope
Instructions stay within deployment scope (look for .appdeploy in project root, register an API key with api-v2.appdeploy.ai, send files and diffs). This necessarily requires reading project files and transmitting them to the AppDeploy endpoint — expected for a deploy tool but a privacy/exfiltration vector you should consider. The skill also requires calling get_deploy_instructions before generating code (reasonable).
Install Mechanism
No install spec and no code files—instruction-only—so nothing is written to disk by an installer. Low install risk.
Credentials
No environment variables or unrelated credentials are requested. The skill uses an API key stored in a local .appdeploy file, which is appropriate for a hosted deployment service.
Persistence & Privilege
The skill is not always-enabled and does not ask to modify other skills or system settings. It can be invoked autonomously (platform default) which, combined with its ability to upload files, is something you should control via agent permissions but is not inherently incoherent.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install appdeploy
  3. After installation, invoke the skill by name or use /appdeploy
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.7
- Added LICENSE.txt file to the repository. - Updated skill description to include AI operations, authentication, realtime, and cron jobs. - Enhanced the deploy_app tool with required model and intent parameters. - Improved get_app_status tool: added an optional 'limit' parameter for log retrieval. - Bumped skill version to 1.0.7.
v1.0.5
- Updated API endpoint from https://api-yaron.appdeploy.ai/mcp to https://api-v2.appdeploy.ai/mcp. - Setup instructions now reference the new API base URL for both key registration and endpoint configuration. - Metadata version updated from 1.0.2 to 1.0.5 to reflect current skill version. - No changes to available tools or API method usage.
v1.0.2
- Added Accept: application/json, text/event-stream header to the sample curl command in the Usage section for improved API compatibility. - Bumped version metadata to 1.0.2.
v1.0.1
- Switched backend to HTTP API with curl, removing MCP server dependency. - Updated setup instructions: users now create and save an API key in a `.appdeploy` file. - Changed allowed tool from `mcp__appdeploy` to Bash for API calls. - Fully revised documentation and usage workflow to reflect new API-centric deployment process. - Expanded and clarified parameter definitions for all available tools.
v1.0.0
Initial release of the AppDeploy skill. - Deploy web apps to a public URL with optional backend APIs, database, file storage, and real-time features. - Requires MCP server connection; start with `get_deploy_instructions` to fetch deployment rules.
Metadata
Slug appdeploy
Version 1.0.7
License
All-time Installs 3
Active Installs 3
Total Versions 5
Frequently Asked Questions

What is AppDeploy?

Deploy web apps with backend APIs, database, file storage, AI operations, authentication, realtime, and cron jobs. Use when the user asks to deploy or publis... It is an AI Agent Skill for Claude Code / OpenClaw, with 3332 downloads so far.

How do I install AppDeploy?

Run "/install appdeploy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AppDeploy free?

Yes, AppDeploy is completely free (open-source). You can download, install and use it at no cost.

Which platforms does AppDeploy support?

AppDeploy is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created AppDeploy?

It is built and maintained by avimak (@avimak); the current version is v1.0.7.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments