Downloads: 63 | Stars: 0 | Active Installs: 0 | Versions: 1
Install in OpenClaw
/install ossify-deploy
Description
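One-click deployment of a static website to Alibaba Cloud OSS. Triggered when the user says 「部署」 (deploy), 「发布」 (publish), 「上线」 (go live), 「deploy」, 「重新配置」 (reconfigure), 「更新凭证」 (update credentials), or 「更换 AccessKey」 (replace AccessKey).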
Usage Guidance
This skill appears to implement a legitimate OSS deploy workflow, but take precautions before installing/using it:
- Be aware the skill will ask you to paste your Alibaba AccessKey ID and Secret directly into the conversation. Conversation logs may persist — avoid pasting production/root keys into chat. Prefer creating a temporary RAM user with limited, least-privilege policies and use that key.
- The skill will write credentials to ~/.ossify/auth.json in plaintext. If you use it, review that file, consider encrypting or deleting it after use, and verify file permissions.
- The SKILL.md assumes node/npm, Bash, and a browser-devtools MCP tool are available, but the manifest does not declare these requirements — ensure these tools exist and understand the commands the skill will run (it may install global npm packages). If you prefer more control, use the manual mode and perform account/key creation yourself rather than enabling the automatic browser automation.
- Review the requested RAM policies (AliyunOSSFullAccess, AliyunDNSFullAccess, AliyunCDNFullAccess). Grant only the permissions you actually need; for simple uploads OSS-only may be enough.
- If you need higher assurance: run the skill in a disposable environment, use temporary keys, or manually follow the guide/index.html steps and avoid pasting credentials into chat.
Given the secret-handling and undeclared runtime-tool assumptions, this skill is coherent with its purpose but presents practical privacy/operational risks — proceed cautiously.
Capability Analysis
Type: OpenClaw Skill
Name: ossify-deploy
Version: 1.0.4
The skill automates static site deployment to Alibaba Cloud OSS but employs high-risk credential handling and automation patterns. In SKILL.md, it instructs the agent to use Chrome DevTools MCP to automate the creation of RAM users and grant broad administrative permissions (AliyunOSSFullAccess, AliyunDNSFullAccess, AliyunCDNFullAccess). It also explicitly directs the user to paste sensitive AccessKey Secrets into the chat interface and uses 'node -e' shell execution to write these credentials to a local file (~/.ossify/auth.json). While these actions are aligned with the stated purpose of a 'one-click' deployment tool, the automation of IAM policies and the handling of secrets in plain text within the agent's prompt history represent significant security risks.
Capability Assessment
Purpose & Capability
The skill's stated purpose (deploy static site to Alibaba OSS) matches the actions described (create RAM user, collect AccessKey, validate with ali-oss, run auto-static-web). However the metadata declares no required binaries or credentials while SKILL.md repeatedly assumes presence of node, npm, chmod/icacls, and a Bash execution tool and also uses MCP chrome-devtools tools. The omission of these runtime requirements in the manifest is an inconsistency (missing declared dependencies/tools).
Instruction Scope
The instructions ask the agent to: run arbitrary Bash/Node commands, open/control a browser via MCP (list_pages, new_page, fill, click, take_screenshot), and ask the user to paste AccessKey ID and Secret directly into the chat (explicitly '不要用 AskUserQuestion', i.e. "do not use AskUserQuestion", so the secret appears in conversation). It also instructs writing credentials to ~/.ossify/auth.json. Collecting and storing raw credentials in chat and a local file is outside of a minimal, privacy-preserving scope and increases exposure/risk.
Install Mechanism
This is an instruction-only skill with no install spec or code to download, which is lowest-risk from an installation perspective. The SKILL.md does instruct installing global npm packages (ali-oss, auto-static-web) at runtime, but that's part of the runtime flow rather than an install manifest; the lack of an install spec is consistent with an instruction-only skill.
Credentials
The only secrets this skill needs (AccessKey ID and Secret) are appropriate for deploying to Alibaba Cloud. However, the SKILL.md instructs the user to paste secrets into the chat (where transcripts may be logged) and to store them unencrypted in a local file (~/.ossify/auth.json). The skill does not declare required env vars but still sets ephemeral env vars for validation; the biggest proportionality concern is the handling/transit/storage of secrets rather than the types of credentials requested.
Persistence & Privilege
The skill writes a persistent credentials file under the user's home directory and sets restrictive file permissions (chmod 600 / icacls). always is false and the skill doesn't request system-wide or other-skills' config changes. Persisting credentials locally is a reasonable design choice for convenience, but it is a privilege with lasting impact and the skill's manifest did not call this out explicitly.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install ossify-deploy
- After installation, invoke the skill by name or use /ossify-deploy
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
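- Refined the guided flow of the Alibaba Cloud OSS static-site automated deployment skill, split in detail into automatic-guidance and manual-guidance modes, with support for one-step credential configuration and validation.
- Clarified that all credential reads, file operations and browser automation are performed through the Bash toolchain, with no executable code included.
- Added an automated flow: when Chrome DevTools is detected as available, the skill can automatically fill forms, take screenshots, and assist in creating a RAM user and collecting the AccessKey.
- Clarified the credential format, storage path and permission management, and provided cross-platform Bash examples for users to run during manual guidance.
- Improved the deployment flow: every parameter (Bucket, domain, ICP filing, HTTPS) must be confirmed by the user step by step, with no steps skipped.
- After a successful deployment, the lastDeploy field of the credentials file is updated automatically to make the next deployment quicker.
- Added privacy and security notes stating that all sensitive information is stored locally only.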
Frequently Asked Questions
What is Skill?
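One-click deployment of a static website to Alibaba Cloud OSS. Triggered when the user says 「部署」 (deploy), 「发布」 (publish), 「上线」 (go live), 「deploy」, 「重新配置」 (reconfigure), 「更新凭证」 (update credentials), or 「更换 AccessKey」 (replace AccessKey). It is an AI Agent Skill for Claude Code / OpenClaw, with 63 downloads so far.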
How do I install Skill?
Run "/install ossify-deploy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill free?
Yes, Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill support?
Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Skill?
It is built and maintained by liangjf (@liangjfblue); the current version is v1.0.4.