← Back to Skills Marketplace
119
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install openclaw-essesseff
Description
Interact with the essesseff DevOps platform — call the essesseff Public API (templates, organizations, apps, deployments, images, image lifecycle, environmen...
Usage Guidance
This skill appears internally consistent with its stated purpose, but it needs several powerful credentials and access to your GitHub org and Kubernetes context to run the onboarding flows. Before installing: (1) only proceed if you trust the essesseff project and its GitHub repo; (2) use least-privilege tokens (prefer fine‑grained GitHub PATs with exact scopes, rotate them after use); (3) keep .essesseff out of version control and follow the README guidance to delete notifications-secret.yaml after applying it; (4) run the onboarding utility in a controlled environment (correct kubectl context) and review the onboarding scripts in the cloned repo before executing; (5) if you only need read-only API operations, avoid providing org-admin PATs or running the create-app flows.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-essesseff
Version: 1.0.2
The skill bundle facilitates high-privilege DevOps operations but exhibits suspicious patterns by requiring sensitive credentials (e.g., GITHUB_ORG_ADMIN_PAT with workflow scopes) and instructing the agent to clone and execute external shell scripts (essesseff-onboard.sh) from a remote repository (github.com/essesseff/essesseff-onboarding-utility). It also handles the retrieval of sensitive Kubernetes secrets via the /notifications-secret API endpoint. While aligned with its stated purpose of platform onboarding, the combination of fetch-and-execute behavior and broad credential requirements poses a high risk of abuse or supply-chain compromise.
Capability Assessment
Purpose & Capability
Name/description match the manifest and SKILL.md. Required binaries (curl, bash, git, jq, kubectl) and environment variables (essesseff API key, account slug, GitHub PATs, ArgoCD machine-user token/email, template/app names, K8s namespace) are consistent with the two stated functions (direct API calls and running the onboarding shell utility).
Instruction Scope
SKILL.md instructs only API calls and the onboarding shell workflow (cloning templates, string replacement, creating repos, writing .env files for Argo CD, calling setup scripts). It explicitly documents what secrets are used and which are copied to per-repo .env files. It does not ask the agent to read unrelated system files or transmit secrets to unknown endpoints.
Install Mechanism
This is an instruction-only skill with no install spec and no archive downloads — lowest-risk install profile. All behavior comes from packaged docs and referenced shell scripts in the repo.
Credentials
The skill requests multiple sensitive credentials (ESSESSEFF_API_KEY, ESSESSEFF_ACCOUNT_SLUG, GITHUB_ORG_ADMIN_PAT, GITHUB_TOKEN, ARGOCD_MACHINE_USER/EMAIL). These appear justified by the two operation modes (subscriber mode requires essesseff API key and account slug; non-subscriber app creation requires an org-admin PAT; Argo CD setup requires a machine-user token/email). Users should ensure tokens use minimal scopes (prefer fine-grained PATs) and understand which token is used for which operation.
Persistence & Privilege
The skill is not always-enabled and does not request elevated agent-wide persistence. It writes per-repo .env files and may write a local .essesseff config file when running the onboarding utility — behavior expected and documented. It does not modify other skills or system-wide agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-essesseff - After installation, invoke the skill by name or use
/openclaw-essesseff - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Added ESSESSEFF_ACCOUNT_SLUG, GITHUB_ORG_ADMIN_PAT, TEMPLATE_NAME, TEMPLATE_IS_GLOBAL, and K8S_NAMESPACE to required environment variables.
- Specified ESSESSEFF_API_KEY as the primary environment variable.
- No changes to functionality or API usage; metadata requirements updated for improved clarity and integration.
v1.0.1
- Added new binary requirements: bash, git, jq, kubectl.
- Introduced additional required environment variables: GITHUB_TOKEN, ARGOCD_MACHINE_USER, ARGOCD_MACHINE_EMAIL, GITHUB_ORG, APP_NAME.
- No other functional or documentation changes detected.
v1.0.0
Initial release of the openclaw-essesseff skill.
- Enables interaction with the essesseff DevOps ALM platform via both HTTP API and onboarding utility shell script.
- Supports management of templates, organizations, apps, deployments, images, image lifecycle, environments, retention policies, and packages.
- Automates app creation and Argo CD environment setup using essesseff-onboard.sh.
- Provides detailed API endpoint mapping for both global and account-specific actions.
- Documents required authentication, rate limits, lifecycle actions, and error codes.
Metadata
Frequently Asked Questions
What is essesseff DevOps ALM?
Interact with the essesseff DevOps platform — call the essesseff Public API (templates, organizations, apps, deployments, images, image lifecycle, environmen... It is an AI Agent Skill for Claude Code / OpenClaw, with 119 downloads so far.
How do I install essesseff DevOps ALM?
Run "/install openclaw-essesseff" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is essesseff DevOps ALM free?
Yes, essesseff DevOps ALM is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does essesseff DevOps ALM support?
essesseff DevOps ALM is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created essesseff DevOps ALM?
It is built and maintained by adamdurst (@adamdurst); the current version is v1.0.2.
More Skills