Prod Deploy
by liupeidawn · v1.0.1 · MIT-0
86 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install prod-deploy
Description
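Production release and deployment automation skill. Used for the one-click release process of the SM dating website (zmq-club.com), including: database backup, schema comparison, frontend build, code deployment, migration execution, service restart, and production verification. Use when Pei Ge asks to release to production, deploy code, launch a new feature, or run the release SOP.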
Usage Guidance
Do not run or install this skill in a production environment as-is. Specific actions to take before considering use:
- Treat the exposed IP/username/password in SKILL.md and scripts as compromised: rotate the SSH password/keys on the server immediately if these files were shared or uploaded.
- Do not supply production credentials directly in skill files; replace hardcoded credentials with secrets managed by a vault or environment variables and document required env vars in the skill manifest.
- Verify and fix the deploy.py file — it appears truncated/malformed (the __main__ block is incomplete) and paramiko is used but not declared as a dependency.
- Review the code line-by-line to ensure it does only the intended deployment actions (no hidden network calls or exfiltration). Run in a staging environment first.
- Prefer SSH key auth, least-privilege accounts (not root), and an audited CI/CD pipeline instead of running one-click scripts from an agent with embedded credentials.
- If you cannot verify the origin of this skill (source/homepage unknown), avoid granting it access to production credentials or allowing autonomous invocation until a trusted audit is completed.
Capability Analysis
Type: OpenClaw Skill
Name: prod-deploy
Version: 1.0.1
The skill bundle contains hardcoded root SSH credentials (root:7758258Liu) for a production server (157.245.56.178) within SKILL.md and scripts/deploy.py. Although the scripts perform standard deployment tasks like database backups and service restarts for the site zmq-club.com, the inclusion of plaintext administrative credentials for a specific external IP address is a critical security vulnerability and highly irregular for a portable skill.
Capability Assessment
Purpose & Capability
The declared purpose (one-click production deploy) matches the actions (SSH, backup, copy files, run migrations). However the skill embeds production root credentials (IP, username, plaintext password) directly in SKILL.md and in scripts/deploy.py instead of using declared/managed secrets. It also imports paramiko but the package/dependency is not declared. Embedding a production root password in files is disproportionate and poor practice even if deployment legitimately needs access.
Instruction Scope
Runtime instructions and scripts instruct the agent to connect as root to a specific IP, run pg_dump, upload site files, run migrations, and restart services — all expected for deployment. But the docs/scripts include explicit credentials and reference many local paths under /home/administrator/.openclaw/workspace-main (reading/writing backups and memory files). The SKILL.md and scripts contain the credentials in plaintext and direct writes to workspace memory; this broad access and exposure of secrets is a scope risk. Also the deploy.py shown is truncated at the end and likely syntactically broken, so the claimed 'one-click' capability may be non-functional.
Install Mechanism
There is no install spec. The included script imports paramiko (and expects npm/pm2/tools) but the skill declares no required binaries or dependencies. That mismatch (code needing libraries that are not declared or installed) is incoherent and will cause runtime failures or require the agent to install additional packages without explicit instructions.
Credentials
The skill declares no required environment variables or primary credential, yet both SKILL.md and scripts embed a production SSH password and other sensitive server details. This is disproportionate: either the skill should declare and require a secret (and not store it in repo files), or it shouldn't contain production credentials at all. The presence of a plaintext root password in multiple files is a serious secret-exposure issue.
Persistence & Privilege
always:false (OK). The skill writes release notes to workspace/memory and performs operations on the host it has credentials for; that behavior is expected for a deployer. However, because the skill contains embedded production credentials and the platform allows autonomous invocation by default, the blast radius is higher — an agent or skill bug could use those credentials unexpectedly. The script does not attempt to modify other skills or global agent config.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install prod-deploy
- After installation, invoke the skill by name or use /prod-deploy
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
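- Updated the one-click release command to run the main script via the skills/prod-deploy/scripts/deploy.py path
- Minor adjustments to references/QUICK-REFERENCE.md and RELEASE-SOP.md to match the script path change
- deploy.py script path made consistent with the documentation; directory layout normalized
- All other steps and content remain the same; no change to the user experience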
v1.0.0
Initial release of the prod-deploy skill for automated production deployment.
- One-click automated deployment for zmq-club.com, covering database backup, schema diff, frontend build, code deployment, migrations, service restart, and production verification.
- Guides detailed pre-deployment checks and includes full & stepwise procedure for deployments and rollbacks.
- Contains exact server, path, and script usage instructions.
- Highlights important notices and common troubleshooting Q&A.
- References supporting documentation and emphasizes backup and release recording best practices.
Frequently Asked Questions
What is Prod Deploy?
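Production release and deployment automation skill. Used for the one-click release process of the SM dating website (zmq-club.com), including: database backup, schema comparison, frontend build, code deployment, migration execution, service restart, and production verification. Use when Pei Ge asks to release to production, deploy code, launch a new feature, or run the release SOP. It is an AI Agent Skill for Claude Code / OpenClaw, with 86 downloads so far.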
How do I install Prod Deploy?
Run "/install prod-deploy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Prod Deploy free?
Yes, Prod Deploy is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Prod Deploy support?
Prod Deploy is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Prod Deploy?
It is built and maintained by liupeidawn (@liupeidawn); the current version is v1.0.1.