← 返回 Skills 市场

Appian Inspectpkg

Name: Appian Inspectpkg
Author: solarspiker

作者 solarspiker · GitHub ↗ · v1.1.0 · MIT-0

cross-platform ⚠ suspicious

140

总下载

当前安装

版本数

在 OpenClaw 中安装

/install appian-inspectpkg

功能描述

Inspect an Appian package ZIP against the target environment to identify errors or warnings before deploying. Use before appian-deploy to validate a package.

使用说明 (SKILL.md)

Appian Inspect

Runs a pre-deployment inspection of a package ZIP against the Appian environment using the v2 Deployment Management API. Returns expected object counts and any errors or warnings.

A FAILED inspection status indicates a system error, not an invalid package. Errors and warnings are predictions about what deploying will do, not hard blockers.

Usage

node {baseDir}/scripts/index.js \x3CzipPath> [customizationFilePath]

Example

node {baseDir}/scripts/index.js "./appian-exports/MyPackage.zip"

Exported packages are saved to ./appian-exports/ by appian-export.

External endpoints

POST ${APPIAN_BASE_URL}/inspections — submits the package for inspection
GET ${APPIAN_BASE_URL}/inspections/{uuid} — polls for results

Security

Credentials (APPIAN_BASE_URL, APPIAN_API_KEY) are read from environment variables (injected by OpenClaw at runtime). If not injected, the script falls back to a appian.json file in the current working directory.
The package ZIP is uploaded only to your configured Appian environment.
No data is sent to any third-party service.
No shell commands are executed; all operations use Node.js built-in APIs.

安全使用建议

This skill appears to do what it says: upload a package ZIP to your Appian environment's /inspections endpoint and show results. Before installing or running it: 1) verify APPIAN_BASE_URL points to the intended Appian environment (avoid running against production unless you intend to); 2) use an API key scoped with the minimum permissions required for inspections; 3) check for any appian.json files in the current or parent directories (the script searches up to 5 levels) to ensure it won't pick up unexpected credentials; 4) review scripts/index.js yourself if you want to confirm there are no additional network calls in your copy; and 5) run the script in a Node environment with the expected globals (fetch/FormData/Blob) or adapt it accordingly.

功能分析

Type: OpenClaw Skill Name: appian-inspectpkg Version: 1.1.0 The appian-inspectpkg skill is designed to validate Appian package ZIP files against a target environment using the official Appian Deployment Management API. The implementation in scripts/index.js correctly handles credentials via environment variables or a local appian.json file and performs network requests only to the user-specified APPIAN_BASE_URL. No evidence of data exfiltration, shell execution, or malicious intent was found; the code logic is strictly aligned with the functionality described in SKILL.md.

能力标签

requires-sensitive-credentials

能力评估

✓ Purpose & Capability

Name/description, required env vars (APPIAN_BASE_URL, APPIAN_API_KEY), SKILL.md, and the included Node script all align: the script uploads a user-supplied ZIP to the Appian inspections endpoint and polls for results. No unrelated credentials or binaries are requested.

ℹ Instruction Scope

Instructions and code stay within the stated scope (read package ZIP, optionally read customization file, read Appian creds, POST to /inspections and poll). Minor mismatch: SKILL.md says the script falls back to an appian.json in the current working directory, but the code searches up to 5 parent directories for appian.json — this could cause it to load credentials from higher-level project dirs unintentionally.

✓ Install Mechanism

No install spec; the skill is instruction-only with an included script. Nothing is downloaded or extracted at install time, which minimizes installation risk.

ℹ Credentials

Only APPIAN_BASE_URL and APPIAN_API_KEY are required (appropriate for the API used). Caveat: the script will populate environment variables from an appian.json it finds (current dir or up to 5 parent dirs), so it may read local config files containing other values if such a file exists.

✓ Persistence & Privilege

Skill is not always-enabled, requests no persistent platform-level privileges, and does not modify other skills or system-wide configuration.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install appian-inspectpkg
安装完成后，直接呼叫该 Skill 的名称或使用 /appian-inspectpkg 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.0

Version 1.1.0 - Updated scripts/index.js. - No user-facing changes to documentation or usage.

v1.2.1

No changes detected in this release. - Version bumped to 1.2.1 with no updates to code or documentation.

v1.2.0

- Added support for reading credentials from a local appian.json file if environment variables are not set. - Updated usage example to show exported packages are saved to ./appian-exports/ by appian-export. - Improved documentation for credentials handling and integration with OpenClaw.

v1.0.0

Initial release of appian-inspectpkg - Adds a tool to inspect Appian deployment packages before deploying. - Validates a package ZIP against the target environment, revealing errors or warnings. - Uses the v2 Deployment Management API for inspections. - Requires environment variables: APPIAN_BASE_URL and APPIAN_API_KEY. - All communications are secure and limited to your Appian environment only.

元数据

Slug appian-inspectpkg

版本 1.1.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题