← Back to Skills Marketplace

Deployment Kit

Name: Deployment Kit
Author: yuyonghao-123

by yuyonghao-123 · GitHub ↗ · v0.1.0 · MIT-0

cross-platform ⚠ suspicious

160

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install yuyonghao-deployment-kit

Description

提供基于 Docker 和 GitHub Actions 的多阶段构建、CI/CD 流水线和健康检查的生产部署套件。

Usage Guidance

This skill largely behaves like a local Docker/CICD deployment helper, but there are several red flags to consider before installing or running it: 1) SKILL.md asks you to configure OPENAI_API_KEY (and 'other env vars') even though the included code does not use OpenAI — do not supply any secret keys until the author explains why they're needed. 2) The code runs shell commands (docker build/run, netstat, docker logs). That means running this skill will execute commands on your machine — ensure Docker is installed and run it in an isolated/test environment first. 3) The health-check example in the docs mismatches the script (it does not export runHealthChecks) and some commands include Windows-specific syntax (findstr, 2>nul) while other parts target Linux containers — expect cross-platform inconsistencies. 4) The docker-compose mounts a local ./config directory into the container as read-only — review that directory to ensure it does not contain secrets you'll inadvertently expose to containers. 5) If you plan to use this in production, ask the author to clarify why OpenAI credentials are mentioned, request a corrected SKILL.md that matches code exports, and audit the code (especially any shell exec invocations) before providing credentials or running on sensitive hosts.

Capability Analysis

Type: OpenClaw Skill Name: yuyonghao-deployment-kit Version: 0.1.0 The skill bundle contains a shell injection vulnerability in 'src/deploy-manager.js' where 'child_process.exec' is used with unvalidated configuration parameters (e.g., 'imageName', 'containerName', 'port'). While these capabilities are aligned with the stated purpose of a deployment kit, the lack of input sanitization allows for arbitrary command execution. Additionally, the code uses Windows-specific shell syntax ('findstr', '2>nul') which may cause unexpected behavior or errors on non-Windows systems.

Capability Assessment

ℹ Purpose & Capability

Files (docker-compose, deploy manager, health check, CI/CD mention) align with a deployment kit. However SKILL.md's '注意事项' asks to set OPENAI_API_KEY (and '等环境变量') even though the codebase does not consume OpenAI credentials — this is an unexplained mismatch.

⚠ Instruction Scope

Runtime instructions focus on building/running Docker and running the local health-check script (good), but examples in SKILL.md reference importing runHealthChecks from scripts/health-check.js although the script does not export that function. SKILL.md also asks user to set OPENAI_API_KEY (sensitive) without showing any runtime step that uses it. Some commands and examples are inconsistent (path and export mismatches), giving the agent or user too much ambiguous discretion.

✓ Install Mechanism

No install spec (instruction-only) and all code is included in the bundle. Nothing is downloaded from external URLs during install, so install risk is low.

⚠ Credentials

Manifest declares no required env vars, but SKILL.md instructs to configure OPENAI_API_KEY and '等环境变量' on first run. Requesting an API key for an unrelated provider (OpenAI) is disproportionate and is not justified by the provided source code.

✓ Persistence & Privilege

Skill is not always-enabled and does not request elevated or persistent platform-wide privileges. It does execute local shell commands (docker, netstat) which is expected for a deployment tool.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install yuyonghao-deployment-kit
After installation, invoke the skill by name or use /yuyonghao-deployment-kit
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.0

Initial release of Deployment Kit Skill. - Provides Docker-based containerization with multi-stage builds for optimal image size. - Supports one-click full stack deployment using Docker Compose. - Integrates CI/CD pipelines via GitHub Actions (build, test, deploy). - Includes health checks for gateway, disk, memory, and logs. - Features security scanning with Trivy. - Optional monitoring stack with Prometheus and Grafana. - Detailed setup instructions and configuration guidance.

Metadata

Slug yuyonghao-deployment-kit

Version 0.1.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Deployment Kit?

提供基于 Docker 和 GitHub Actions 的多阶段构建、CI/CD 流水线和健康检查的生产部署套件。 It is an AI Agent Skill for Claude Code / OpenClaw, with 160 downloads so far.

How do I install Deployment Kit?

Run "/install yuyonghao-deployment-kit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Deployment Kit free?

Yes, Deployment Kit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Deployment Kit support?

Deployment Kit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Deployment Kit?

It is built and maintained by yuyonghao-123 (@yuyonghao-123); the current version is v0.1.0.

More Skills