← Back to Skills Marketplace
Azure Bicep Deploy
by
junior-juarez-MSFT
· GitHub ↗
· v2.1.0
· MIT-0
397
Downloads
0
Stars
2
Active Installs
5
Versions
Install in OpenClaw
/install azure-bicep-deploy
Description
Deploy and validate Azure Bicep and ARM templates to manage resources and multi-environment setups, including Azure Container Apps configurations.
README (SKILL.md)
Azure Bicep Deploy
Prerequisites (Required)
Before using this skill, ensure:
-
Azure CLI installed
az --versionInstall from: https://docs.microsoft.com/cli/azure/install-azure-cli
-
Azure CLI authenticated
az login # Interactive login az login --tenant \x3Ctenant-id> # For specific tenant az account show # Verify logged in -
Correct subscription selected (if multiple)
az account list # List subscriptions az account set --subscription \x3Csub-id> # Switch subscription -
Bicep CLI installed
az bicep install # Install Bicep az bicep version # Verify installationOr use built-in:
az deployment group createauto-compiles Bicep
Deploy a Bicep File
az deployment group create \
--resource-group \x3Crg-name> \
--template-file \x3Cpath-to-bicep> \
--parameters \x3Cparams-file>.json
Deploy an ARM Template
az deployment group create \
--resource-group \x3Crg-name> \
--template-file \x3Cpath-to-arm.json> \
--parameters \x3Cparams-file>.json
Validate a Template (What-If)
az deployment group what-if \
--resource-group \x3Crg-name> \
--template-file \x3Cpath-to-bicep>
Validate Syntax Only (Bicep)
az bicep build --file \x3Cbicep-file>
Multi-Environment Deployments
Use parameter files for each environment:
params/
├── dev.bicepparam # or dev.json
├── staging.bicepparam # or staging.json
└── prod.bicepparam # or prod.json
Deploy with environment:
az deployment group create \
--resource-group \x3Crg>-dev \
--template-file main.bicep \
--parameters @params/dev.json
Azure Container Apps
See references/container-apps.md for detailed Container App patterns including:
- Basic container deployment
- Ingress configuration
- Scaling rules
- revisions/versions
Create New Resources
When asked to create Azure resources via Bicep:
- Check if existing templates in
references/match your need - For Container Apps: use the sample in
assets/container-app/ - For other resources: generate using
az bicep build-params --fileor reference Azure QuickStart Templates
Scripts
Copy scripts from references or use directly:
- references/deploy.md — Deployment script with environment selection
- references/validate.md — Validate and what-if
- references/bicep-build.md — Build Bicep to ARM
Quick deploy (copy-paste one-liner):
az deployment group create --resource-group \x3Crg> --template-file main.bicep --parameters @params/dev.json
Usage Guidance
This skill appears to do what it claims: provide guidance and helper scripts for building, validating, and deploying Bicep/ARM templates via the Azure CLI. Before using it: (1) Review templates and parameter files for any hard-coded secrets or unexpected resource changes; (2) don't run the included PowerShell scripts without inspecting them—Invoke-Expression is used to execute constructed commands, which is normal for deploy scripts but can run unexpected commands if inputs are tampered with; (3) perform a 'what-if' first and validate templates locally (az bicep build / az deployment group what-if); (4) use a least-privilege Azure identity (service principal or scoped role) rather than a broad subscription-owner account for automated deploys; (5) verify container images and any referenced registries and avoid placing plaintext credentials in params files. If you need more assurance, provide the exact Bicep templates you plan to deploy and have them reviewed for resource and permission changes.
Capability Analysis
Type: OpenClaw Skill
Name: azure-bicep-deploy
Version: 2.1.0
The skill bundle contains several PowerShell scripts (`deploy.ps1`, `validate.ps1`, and `bicep-build.ps1`) that utilize the `Invoke-Expression` cmdlet to execute Azure CLI commands. This implementation is highly vulnerable to shell command injection because it concatenates user-provided parameters (such as resource group names and file paths) directly into a command string without sanitization. While the scripts' capabilities are aligned with the stated purpose of Azure Bicep deployment, the use of unsafe execution primitives constitutes a significant security risk.
Capability Assessment
Purpose & Capability
Name/description (Azure Bicep deployment, validation, multi-environment support and Container Apps) match the included SKILL.md, example parameter files, and PowerShell helper scripts. All required functionality is served by az/bicep CLI usage documented in the files; no unrelated services or credentials are requested.
Instruction Scope
Runtime instructions and scripts run az and bicep CLI commands and reference local params/templates only. They include Invoke-Expression to execute constructed PowerShell commands; this is expected for quick deploy scripts but means you should review templates/parameters before running to avoid executing commands built from untrusted input. Scripts reference local files (params/, references/) and standard az endpoints only.
Install Mechanism
No install spec and no code files that download or write binaries; this is instruction-only and therefore low install risk. The scripts may call 'az bicep install' if the user lacks the Bicep CLI, which uses the official Azure CLI mechanism.
Credentials
The skill declares no required environment variables or credentials. It does require the user to have an authenticated Azure CLI session (az login) and appropriate subscription permissions — which is proportional and expected for deployment operations. Parameter files contain placeholders for sensitive values (e.g., registry password) but the skill does not request or store secrets itself.
Persistence & Privilege
Skill is not always-enabled and is user-invocable; it does not attempt to modify other skills or persist credentials. Autonomous invocation is allowed (platform default) but not combined with other privilege escalations in this package.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install azure-bicep-deploy - After installation, invoke the skill by name or use
/azure-bicep-deploy - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.0
Prerequisites are now clearly detailed section for users.
- Added an explicit "Prerequisites (Required)" section outlining Azure CLI/bicep installation, authentication, and subscription selection steps.
- Moved and expanded prerequisite details from the short description into a new, easy-to-follow setup checklist.
- Improved clarity on Azure CLI commands for login and subscription management.
- No technical or command changes; documentation only.
v2.0.0
- Major update with new documentation and usage guidance.
- SKILL.md rewritten for clarity, covering deployment, validation, multi-environment setup, and Azure Container Apps support.
- Quick start section added with CLI command examples.
- Step-by-step instructions for both Bicep and ARM templates.
- References to scripts and sample patterns for common workloads included.
v1.1.0
- Expanded documentation with detailed usage instructions and best practices.
- Added step-by-step guidance for deploying and validating both Azure Bicep and ARM templates.
- Introduced sections for multi-environment deployments and Azure Container Apps workloads.
- Provided example parameter file structure for dev/staging/prod setups.
- Included references to ready-to-use scripts for deployment and validation tasks.
v1.0.1
Version 1.0.1
- No file changes detected in this release.
- Functionality and documentation remain unchanged from the previous version.
v1.0.0
Initial release of azure-bicep-deploy.
- Deploy and validate Azure Bicep (.bicep) files and ARM (JSON) templates to Azure.
- Supports syntax validation, what-if preview, and multi-environment deployments through parameter files.
- Includes examples and scripts for deploying Azure Container Apps and other common scenarios.
- Provides PowerShell scripts for deployment, validation, and Bicep build workflows.
- Documentation and usage examples included for quick startup.
Metadata
Frequently Asked Questions
What is Azure Bicep Deploy?
Deploy and validate Azure Bicep and ARM templates to manage resources and multi-environment setups, including Azure Container Apps configurations. It is an AI Agent Skill for Claude Code / OpenClaw, with 397 downloads so far.
How do I install Azure Bicep Deploy?
Run "/install azure-bicep-deploy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Azure Bicep Deploy free?
Yes, Azure Bicep Deploy is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Azure Bicep Deploy support?
Azure Bicep Deploy is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Azure Bicep Deploy?
It is built and maintained by junior-juarez-MSFT (@junior-juarez-msft); the current version is v2.1.0.
More Skills