← Back to Skills Marketplace
solarspiker

Appian Deploymtstatus

by solarspiker · GitHub ↗ · v1.2.0 · MIT-0
cross-platform ⚠ suspicious
110
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install appian-deploymtstatus
Description
Check the status of an Appian deployment by UUID and optionally download its artifacts (log, package ZIP). Use after appian-export or appian-deploy to monito...
README (SKILL.md)

Appian Status

Retrieves the current status and artifact URLs for any Appian deployment using the v2 Deployment Management API. Supports optional polling and artifact download.

Usage

node {baseDir}/scripts/index.js \x3CdeploymentUuid> [--wait] [--download-log] [--download-zip]
Flag Description
--wait Poll until a terminal status is reached
--download-log Save the deployment log to ~/appian-exports/
--download-zip Save the package ZIP (export deployments only) to ~/appian-exports/

Examples

# Check immediately
node {baseDir}/scripts/index.js 208d489c-6f74-45f7-a48a-f0887fefeca9

# Wait for completion and download log
node {baseDir}/scripts/index.js 208d489c-6f74-45f7-a48a-f0887fefeca9 --wait --download-log

External endpoints

  • GET ${APPIAN_BASE_URL}/deployments/{uuid} — fetches deployment status
  • Artifact URLs returned by the API (log, ZIP) — downloaded only when flags are passed

Security

  • Credentials (APPIAN_BASE_URL, APPIAN_API_KEY) are read from environment variables (injected by OpenClaw at runtime). If not injected, the script falls back to an appian.json file in the current working directory.
  • Artifacts are saved only to ~/appian-exports/ — nothing is uploaded or sent to third parties.
  • No shell commands are executed; all operations use Node.js built-in APIs.
Usage Guidance
This skill appears to do what it says: it will call your Appian instance at APPIAN_BASE_URL using APPIAN_API_KEY and can save logs/ZIPs to ~/appian-exports when asked. Before installing/using it: (1) confirm you trust the APPIAN_BASE_URL you provide, (2) store APPIAN_API_KEY securely (the script reads it from env or appian.json), (3) check for any appian.json files in the current or parent directories you run this from—the script will load keys from up to 5 parent dirs and inject them into the environment, which could unintentionally surface or override values, and (4) if you expect primaryEnv to be the secret, consider that the skill marks the base URL as primaryEnv (this is informational only). If those behaviors are acceptable, the skill is coherent and safe to use in typical contexts.
Capability Analysis
Type: OpenClaw Skill Name: appian-deploymtstatus Version: 1.2.0 The skill 'appian-deploymtstatus' contains security vulnerabilities in 'scripts/index.js' that pose a risk to the user's environment. Specifically, the 'downloadArtifact' function is vulnerable to path traversal because it joins the user's home directory with an unsanitized filename extracted directly from the 'content-disposition' HTTP header. Additionally, the script sends the 'APPIAN_API_KEY' to any artifact URL returned by the Appian API without validating the destination domain, which could lead to credential exfiltration if the API response is manipulated. While these appear to be unintentional flaws rather than malicious intent, they represent significant security risks.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The requested environment variables (APPIAN_BASE_URL, APPIAN_API_KEY) and the included script align with the stated purpose of querying Appian deployment status and optionally downloading artifacts. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md states credentials fall back to an appian.json in the current working directory; the script actually searches up to 5 parent directories for appian.json and will load any key/value pairs found into process.env if those env vars are not already set. This is a minor scope expansion that could read unexpected local config files—worth reviewing appian.json files in parent dirs before running.
Install Mechanism
There is no install spec (instruction-only) and the included Node.js script runs locally. No downloads from untrusted URLs, no package managers invoked, and no extract/write of external archives during an install step.
Credentials
Only APPIAN_BASE_URL and APPIAN_API_KEY are required, which is proportional. Two small points: (1) the manifest lists APPIAN_BASE_URL as the primaryEnv (the API key is the secret credential — this is not dangerous but is slightly odd), and (2) loading arbitrary keys from appian.json into process.env could expose or override other local values if such files contain unexpected entries.
Persistence & Privilege
The skill does not request permanent/always-on presence, does not modify other skills or system-wide agent settings, and only writes files to a user-owned directory (~/appian-exports) when download flags are used.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install appian-deploymtstatus
  3. After installation, invoke the skill by name or use /appian-deploymtstatus
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
- Updated to version 1.2.0. - scripts/index.js modified (details not provided). - No visible user-facing changes to documentation.
v1.1.0
Fix: use appian.json env fallback (consistent with other skills); save artifacts to ~/appian-exports/ instead of ~/.openclaw/exports/; correct security section in SKILL.md
v1.0.0
Initial release of appian-deploymtstatus. - Check the status of an Appian deployment using its UUID. - Optionally poll for status updates until completion. - Download deployment log and package ZIP artifacts with flags. - Credentials are securely read from environment variables only. - All files are saved locally; no data is uploaded externally.
Metadata
Slug appian-deploymtstatus
Version 1.2.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Appian Deploymtstatus?

Check the status of an Appian deployment by UUID and optionally download its artifacts (log, package ZIP). Use after appian-export or appian-deploy to monito... It is an AI Agent Skill for Claude Code / OpenClaw, with 110 downloads so far.

How do I install Appian Deploymtstatus?

Run "/install appian-deploymtstatus" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Appian Deploymtstatus free?

Yes, Appian Deploymtstatus is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Appian Deploymtstatus support?

Appian Deploymtstatus is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Appian Deploymtstatus?

It is built and maintained by solarspiker (@solarspiker); the current version is v1.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments