← Back to Skills Marketplace
Devops Platform Skill
by
yuanqiuqian
· GitHub ↗
· v1.0.0
· MIT-0
98
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install devops-platform-skill
Description
Manage and query DevOps platform data, including applications, iterations, releases, and statistics via configured API access with user token authorization.
README (SKILL.md)
DevOps Platform Skill
管理DevOps效能平台,提供完整的DevOps平台API访问功能。
配置
使用前需要配置:
- 后端接口地址
- 用户的Open Token
功能
📊 应用管理
- 查询应用列表
- 获取应用详细信息
- 按状态筛选应用
🔄 迭代管理
- 查询研发迭代列表
- 查询我的研发迭代列表
- 查询迭代下的应用列表
- 收藏/取消收藏迭代
- 查询收藏的迭代列表
📅 发布管理
- 查询发布窗口列表
- 查询发布任务列表
- 查询发布记录列表
- 查询染色环境应用列表
📈 统计信息
- 平台统计信息概览
使用方法
初始化配置
devops-platform config --base-url \x3C后端地址> --token \x3C用户token>
查看配置状态
devops-platform status
应用相关命令
# 查询应用列表
devops-platform apps [--page \x3C页码>] [--size \x3C每页大小>] [--status \x3C状态>]
# 获取应用详细信息
devops-platform app-detail --id \x3C应用ID>
# 查询染色环境应用列表
devops-platform staging-apps [--page \x3C页码>] [--size \x3C每页大小>]
迭代相关命令
# 查询研发迭代列表
devops-platform iterations [--page \x3C页码>] [--size \x3C每页大小>] [--search \x3C搜索词>] [--status \x3C状态>]
# 查询我的研发迭代列表
devops-platform my-iterations [--page \x3C页码>] [--size \x3C每页大小>]
# 查询迭代下的应用列表
devops-platform iteration-apps --plan-id \x3C迭代ID> [--page \x3C页码>] [--size \x3C每页大小>]
# 收藏迭代
devops-platform favorite-iteration --plan-id \x3C迭代ID>
# 取消收藏迭代
devops-platform favorite-iteration --plan-id \x3C迭代ID> --remove
# 查询收藏的迭代列表
devops-platform favorites [--page \x3C页码>] [--size \x3C每页大小>]
发布相关命令
# 查询发布窗口列表
devops-platform pub-windows [--page \x3C页码>] [--size \x3C每页大小>] [--status \x3C状态>] [--window-date \x3C日期>]
# 查询发布任务列表
devops-platform pub-tasks [--page \x3C页码>] [--size \x3C每页大小>] [--plan-id \x3C迭代ID>] [--status \x3C状态>]
# 查询发布记录列表
devops-platform pub-records [--page \x3C页码>] [--size \x3C每页大小>] [--task-id \x3C任务ID>] [--status \x3C状态>]
统计信息
# 获取平台统计信息
devops-platform stats
帮助信息
# 显示所有命令
devops-platform help-all
API 详情
基于OpenAPI 3.0规范,支持以下接口:
应用管理接口
GET /application/app/list- 查询应用列表GET /application/app/{id}- 获取应用详细信息
迭代管理接口
GET /publish/publishplan/list- 查询研发迭代列表GET /publish/publishplan/myplanlist- 查询我的研发迭代列表GET /publish/publishplan/applist- 查询迭代下应用列表POST /publish/publishplan/favorite- 收藏迭代POST /publish/publishplan/unfavorite- 取消收藏迭代GET /publish/publishplan/myfavoritelist- 查询收藏的迭代列表GET /publish/publishplan/stagingapplist- 查询染色环境应用列表
发布管理接口
GET /publish/pubwindow/list- 查询发布窗口列表GET /publish/pubtask/list- 查询发布任务列表GET /publish/pubrecord/list- 查询发布记录列表
请求头
所有接口都需要以下请求头:
authorization: Bearer {用户token}from: openapicontent-type: application/json
错误处理
- 配置缺失时会提示用户先进行配置
- 网络错误会显示详细错误信息
- API错误会显示状态码和响应数据
- 支持超时设置(15秒)
Usage Guidance
This skill appears to implement the documented DevOps API queries, but there are red flags you should address before installing or using it:
- Do not assume the token is encrypted: the shipped JS writes the token in plaintext to ~/.devops-platform-config.json despite documentation claiming 'local encrypted storage'. Treat the saved token as sensitive and avoid using high-privilege tokens.
- Inspect setup.sh and package.json before running any install or sudo/copy commands. setup.sh could run arbitrary commands with elevated privileges.
- Because the package logs request URLs/parameters and full error responses, it can leak internal API paths and response bodies to stdout/stderr — avoid running it in shared logs or CI without review.
- If you decide to use it, run it in a controlled environment (VM/container) first and prefer a least-privilege token (read-only if possible). After testing, rotate the token you provided to limit exposure.
- If you require stronger protection for the token, do not install until the author implements secure storage (encrypted at rest) or provide an alternative secret injection mechanism (OS keyring, env var managed by your secrets manager).
If you want, I can: (1) extract and show the contents of setup.sh and package.json; (2) point out exact lines where the token is written/read; or (3) recommend minimal hardening changes to the code (e.g., using OS keyring, avoid printing sensitive debug info).
Capability Analysis
Type: OpenClaw Skill
Name: devops-platform-skill
Version: 1.0.0
The skill bundle provides a comprehensive CLI tool and OpenClaw skill for interacting with a DevOps performance platform API. The code (found in bin/devops-platform-enhanced.js and variants) implements standard administrative functions such as querying application lists, iteration details, and deployment records using user-provided credentials stored locally in ~/.devops-platform-config.json. The installation script (setup.sh) follows standard Node.js patterns for global package installation and skill deployment. No evidence of data exfiltration, malicious execution, or prompt injection was found; the tool's behavior is entirely consistent with its documented purpose of DevOps platform management.
Capability Assessment
Purpose & Capability
Name/description match the code: this is a CLI to query a DevOps platform via a user-provided base URL and token. Requiring a base URL and token (stored in a config file) is proportionate. Minor mismatch: registry lists 'No install spec / instruction-only', but the package actually contains multiple executable JS files, package.json, package-lock.json and a setup.sh — not consistent with an instruction-only skill.
Instruction Scope
SKILL.md and the CLI commands are scoped to querying the described API endpoints and managing local config. However the project documentation and AI_BRAINSTORM_DOC state 'local encrypted storage' and security defaults; the actual JS code writes the token and baseUrl to a plaintext JSON file at ~/.devops-platform-config.json. That is a concrete mismatch between stated security behavior and implementation. The CLI also prints debug request URLs/params and full error responses which could reveal internal URLs/IDs; this increases information leakage risk.
Install Mechanism
No registry install spec was provided (metadata showed 'no install spec'), but INSTALL.md and package files indicate npm-based installation and copying into OpenClaw skills directory; a setup.sh (3035 bytes) is present. There are no remote download URLs in the reviewed files, so no obvious arbitrary external installer, but you should inspect setup.sh and package.json before running any install steps (setup.sh might perform operations requiring privilege).
Credentials
The skill does not request unrelated environment variables or external credentials in metadata. It legitimately needs a base API URL and a user token. Those are stored in a local config file rather than environment variables. That is proportionate — but see the storage/handling concern above (plaintext config).
Persistence & Privilege
The skill is not force-included (always:false) and does not request platform-wide privileges. Its persistent presence is limited to writing/reading a config file in the user's home directory (~/.devops-platform-config.json), which is expected for a CLI but should be understood as storing credentials on disk.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install devops-platform-skill - After installation, invoke the skill by name or use
/devops-platform-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of devops-platform-skill.
- Provides API access to manage DevOps efficiency platforms.
- Supports configuration of backend endpoint and user Open Token.
- Features include application management, iteration management, release management, and platform statistics overview.
- Includes detailed CLI commands for querying and managing applications, iterations, releases, and statistics.
- Complete API documentation following OpenAPI 3.0 standard.
- Handles errors for configuration, network, and API issues, with 15-second timeout support.
Metadata
Frequently Asked Questions
What is Devops Platform Skill?
Manage and query DevOps platform data, including applications, iterations, releases, and statistics via configured API access with user token authorization. It is an AI Agent Skill for Claude Code / OpenClaw, with 98 downloads so far.
How do I install Devops Platform Skill?
Run "/install devops-platform-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Devops Platform Skill free?
Yes, Devops Platform Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Devops Platform Skill support?
Devops Platform Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Devops Platform Skill?
It is built and maintained by yuanqiuqian (@yuanqiuqian); the current version is v1.0.0.
More Skills