← Back to Skills Marketplace
Shadows Deploy Guardian
by
NakedoShadow
· GitHub ↗
· v1.1.0
375
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install shadows-deploy-guardian
Description
Pre-deployment verification checklist — tests, types, build, secrets scan, environment validation. Use before pushing to production or staging.
Usage Guidance
This skill appears to be what it says — a pre-deployment checklist — but it will run your repo's tests/builds/linters and inspect git history. Those operations can execute arbitrary code from the repository and may print secret-like strings to stdout. Before installing or invoking: 1) run it on a cloned or sandboxed copy (not directly in a production environment); 2) ensure CI/runner environment isolates network and credentials; 3) be aware the secrets-scan uses grep and can echo matched text to logs — use a dedicated secret scanner (gitleaks/detect-secrets) for production-sensitive work; 4) note minor docs issues (it references DEPLOY_URL and Docker but Docker isn't listed in required bins, and 'docker build --dry-run' is not a standard docker flag) — review and adapt the commands to your environment before running. If you want higher assurance, request a version with explicit opt-in checks and no direct stdout of potential secrets.
Capability Analysis
Type: OpenClaw Skill
Name: shadows-deploy-guardian
Version: 1.1.0
The skill provides a pre-deployment verification framework that executes high-risk operations, including running arbitrary project scripts (e.g., 'npm test', 'cargo build') and making outbound network requests via 'curl' to user-defined URLs in SKILL.md. While these actions are clearly aligned with the stated purpose and the documentation includes explicit security warnings regarding sandboxing and secret exposure in logs, the inherent risk of remote code execution and network access from untrusted repositories meets the threshold for a suspicious classification.
Capability Assessment
Purpose & Capability
Name and description describe a pre-deploy checklist (tests, lint, build, secrets scan, env validation) and the SKILL.md implements those gates directly. Required binaries (git + one of npm/python/cargo) are consistent with detecting and exercising common project toolchains.
Instruction Scope
The instructions explicitly run tests, builds, linters and git history scans; these are expected for a pre-deploy tool but also mean the agent will execute repository code and parse commit history. The SKILL.md itself warns about sandboxing. Also Gate 6 references $DEPLOY_URL (optional) and the secrets-scan grep will print matched lines to stdout — outputs may contain secret-like strings and could be logged/shared.
Install Mechanism
No install spec and no code files — instruction-only skill. This reduces install-time risk because nothing is downloaded or written by the skill itself.
Credentials
The skill declares no required environment variables (reasonable), but the instructions reference an optional $DEPLOY_URL and .env/.env.example handling. This is a minor inconsistency (uses optional env vars without declaring them), and the instructions may surface secret-like values in output. The skill does not request any credentials or secrets itself.
Persistence & Privilege
always is false, disable-model-invocation is not set (normal), and there are no config paths or claims of persistent system modification. The skill does not request permanent presence or elevated privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install shadows-deploy-guardian - After installation, invoke the skill by name or use
/shadows-deploy-guardian - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
HIGH TRUST: full bins+anyBins declaration, PREREQUISITES with toolchain detection, SECURITY CONSIDERATIONS, concrete Gate 6, sandboxing guidance
v1.0.0
Initial release of Deploy Guardian — a comprehensive pre-deployment checklist.
- Introduces a 6-gate protocol: Git status, tests, type/lint check, build, secrets scan, environment validation.
- Offers step-by-step verification commands and manual checks for each gate.
- Defines clear PASS/FAIL criteria; any failure blocks deployment.
- Provides a structured markdown output report summarizing results and blockers.
- Enforces strict protocols on secrets, tests, and deployment safety.
- Designed for use before pushing code to production or staging.
Metadata
Frequently Asked Questions
What is Shadows Deploy Guardian?
Pre-deployment verification checklist — tests, types, build, secrets scan, environment validation. Use before pushing to production or staging. It is an AI Agent Skill for Claude Code / OpenClaw, with 375 downloads so far.
How do I install Shadows Deploy Guardian?
Run "/install shadows-deploy-guardian" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Shadows Deploy Guardian free?
Yes, Shadows Deploy Guardian is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Shadows Deploy Guardian support?
Shadows Deploy Guardian is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created Shadows Deploy Guardian?
It is built and maintained by NakedoShadow (@nakedoshadow); the current version is v1.1.0.
More Skills