功能描述

Deploy local HTML/frontend files to Dele (dele.fun) and get a live URL

使用说明 (SKILL.md)

Dele Deploy Skill

Name: Dele Deploy
Author: del-zhenwu

Overview

This skill allows AI Agents (OpenClaw, Cursor, Claude, etc.) to automatically deploy generated HTML files or frontend project folders to Dele (https://www.dele.fun) — a static site hosting platform. It returns a live URL that can be shared with the user.

Required Environment Variables

Variable	Description
`POSTME_API_KEY`	Required. Your Dele API key for authentication. Get one at https://www.dele.fun/api-keys
`POSTME_API_URL`	Optional. Defaults to `https://www.dele.fun/api/upload`

Prerequisites

Dele API Key: Generate an API key at https://www.dele.fun/api-keys, then set it as an environment variable:
```
POSTME_API_KEY="your-secret-agent-key"
```
Python Dependencies: The skill requires the requests library.
```
pip install requests
```

Usage Instructions for the Agent

When a user asks you to deploy, publish, or share a web application (like an HTML file or a frontend project folder) that you have just created, you should use this skill.

Determine the absolute path to the generated folder or file (target_path).
Invent a suitable, URL-friendly name for the application (app_name). It must contain only lowercase letters, numbers, and hyphens.
Call the postme_deploy skill with these parameters.
Present the resulting URL to the user.

Visibility Control

Apps default to public (visible on the Explore page). You can optionally set visibility:

Value	Behavior
`public`	Listed on Explore, anyone can view
`unlisted`	Not listed, accessible via direct URL
`password`	Requires a 4-character access code (auto-generated, returned in response)
`hidden`	Only the owner can access

If visibility is set to password, the response will include an accessCode (4 chars, 0-9a-z). Present this code to the user so they can share it with authorized visitors.

Example

If you generated a project in /tmp/workspace/my-app, you would call the skill with:

target_path: /tmp/workspace/my-app
app_name: my-app-v1
visibility: password (optional)

The skill will return a success message containing the live URL, e.g., Deployment successful! URL: https://www.dele.fun/app/my-app-v1/ If password-protected: Access code: x7k2

Tool Definition

{
  "name": "postme_deploy",
  "description": "Deploy a local folder or HTML file to the Dele system to get a live web URL.",
  "parameters": {
    "type": "object",
    "properties": {
      "target_path": {
        "type": "string",
        "description": "The local path to the folder or HTML file you want to deploy."
      },
      "app_name": {
        "type": "string",
        "description": "A unique, URL-friendly name for the application (lowercase letters, numbers, hyphens only)."
      },
      "api_url": {
        "type": "string",
        "description": "The full URL to the Dele /api/upload endpoint. Defaults to https://www.dele.fun/api/upload"
      },
      "api_key": {
        "type": "string",
        "description": "The API key for authentication (POSTME_API_KEY)."
      },
      "app_desc": {
        "type": "string",
        "description": "A short description of what the application does."
      },
      "visibility": {
        "type": "string",
        "enum": ["public", "unlisted", "password", "hidden"],
        "description": "App visibility level. Defaults to 'public'. If set to 'password', a 4-char access code will be auto-generated and returned."
      }
    },
    "required": [
      "target_path",
      "app_name"
    ]
  }
}

Python Implementation (`postme_deploy.py`)

import os
import requests
import re
from typing import Optional

def execute(
    target_path: str, 
    app_name: str, 
    api_url: str = "https://www.dele.fun/api/upload", 
    api_key: Optional[str] = None,
    app_desc: Optional[str] = None,
    visibility: Optional[str] = None
) -> str:
    """
    Deploy a local folder or HTML file to the Dele system.
    """
    if not os.path.exists(target_path):
        return f"Error: Target path '{target_path}' does not exist."
        
    if not re.match(r'^[a-z0-9-]+$', app_name):
        return "Error: app_name must contain only lowercase letters, numbers, and hyphens."

    valid_visibility = {"public", "unlisted", "password", "hidden"}
    if visibility and visibility not in valid_visibility:
        return f"Error: visibility must be one of {valid_visibility}"

    files_to_upload = []
    
    if os.path.isfile(target_path):
        files_to_upload.append((target_path, os.path.basename(target_path)))
    elif os.path.isdir(target_path):
        for root, _, files in os.walk(target_path):
            for file in files:
                file_path = os.path.join(root, file)
                rel_path = os.path.relpath(file_path, target_path).replace(os.sep, '/')
                files_to_upload.append((file_path, rel_path))
    else:
        return f"Error: '{target_path}' is neither a file nor a directory."

    if not files_to_upload:
        return "Error: No files found to upload."

    multipart_data = [('appName', (None, app_name))]
    if app_desc:
        multipart_data.append(('appDesc', (None, app_desc)))
        
    file_handles = []
    headers = {}
    if api_key:
        headers['Authorization'] = f"Bearer {api_key}"
        headers['x-agent-user'] = "openclaw-agent"

    try:
        for file_path, rel_path in files_to_upload:
            f = open(file_path, 'rb')
            file_handles.append(f)
            multipart_data.append(('files', (os.path.basename(file_path), f)))
            multipart_data.append(('paths', (None, rel_path)))

        response = requests.post(api_url, files=multipart_data, headers=headers)
        
        if response.status_code not in (200, 201):
            try:
                err_msg = response.json().get('error', response.text)
            except:
                err_msg = response.text
            return f"Deployment failed (Status {response.status_code}): {err_msg}"

        data = response.json()
        base_url = api_url.replace('/api/upload', '')
        app_url = f"{base_url}{data.get('url', f'/app/{app_name}/')}"
        result = f"Deployment successful! URL: {app_url}"

        # Set visibility if specified and not default
        if visibility and visibility != "public":
            vis_url = api_url.replace('/api/upload', '/api/apps/visibility')
            vis_resp = requests.post(
                vis_url,
                json={"appName": app_name, "visibility": visibility},
                headers=headers
            )
            if vis_resp.status_code == 200:
                vis_data = vis_resp.json()
                result += f"\
Visibility: {visibility}"
                if visibility == "password" and vis_data.get("accessCode"):
                    result += f"\
Access code: {vis_data['accessCode']}"
            else:
                result += f"\
Warning: Failed to set visibility to '{visibility}'"

        return result
            
    except Exception as e:
        return f"Error during deployment: {str(e)}"
    finally:
        for f in file_handles:
            f.close()

安全使用建议

Before installing or invoking this skill: 1) Treat the POSTME_API_KEY as sensitive — confirm the skill provenance and do not reuse high-privilege keys. 2) Verify the registry metadata / publisher; the SKILL.md requires an API key and the 'requests' package but the registry lists none — ask the publisher to fix metadata or provide a signed package. 3) When using the skill, limit target_path to project/workspace directories only (do not point it at home, root, or system config folders) to avoid accidental exfiltration of secrets. 4) Prefer reviewing the full implementation (complete Python code) before granting access; ensure uploads go to the expected POSTME_API_URL and that no extra environment variables or headers are exfiltrated. 5) If you cannot verify the author or code, avoid providing sensitive keys and consider using a throwaway API key scoped to minimal permissions.

功能分析

Type: OpenClaw Skill Name: dele-deploy Version: 1.0.5 The skill 'dele-deploy' (implemented in postme_deploy.py) allows an AI agent to upload local files or entire directories to an external hosting service (dele.fun). While this aligns with its stated purpose of deploying frontend projects, the tool lacks any path validation or restrictions, creating a high-risk vector for data exfiltration if the agent is directed to upload sensitive directories like ~/.ssh or project secrets. Additionally, the 'api_url' parameter is configurable, which could allow a prompt-injection attack to redirect the uploaded data to an unauthorized third-party endpoint.

能力评估

⚠ Purpose & Capability

The SKILL.md describes deploying local files to Dele and requires an API key and file read access — which is coherent for a deploy tool. However the registry metadata (required env vars, primary credential) lists none, which is inconsistent and surprising: the skill actually needs POSTME_API_KEY and the requests library.

ℹ Instruction Scope

Runtime instructions tell the agent to locate an absolute target_path, walk directories and read all files under it, and upload them to the external service. That behavior is consistent with deployment, but the instructions do not constrain target_path (could be /home or /etc if misused). The skill also instructs pip-installing the 'requests' package.

ℹ Install Mechanism

There is no formal install spec (instruction-only), so nothing is written by a package installer. This is lower risk than arbitrary downloads, but the SKILL.md tells operators to pip install 'requests' — a runtime dependency not declared in registry metadata.

⚠ Credentials

The skill requires an API key (POSTME_API_KEY) to authenticate to dele.fun, which is expected for this purpose. But the registry metadata omitted this requirement (and primary credential), creating a transparency gap. The API key is sensitive and will be sent to an external endpoint; the optional POSTME_API_URL also allows redirecting where data is uploaded.

✓ Persistence & Privilege

The skill does not request always:true and doesn't declare persistent system-wide changes. Autonomous invocation is allowed (platform default), which increases exposure but is not by itself unusual.

版本历史

v1.0.5

- Added support for controlling app visibility after deployment: choose from public, unlisted, password-protected (with access code), or hidden. - Updated usage instructions and tool definition to describe the new `visibility` parameter. - If app is deployed with password protection, the generated access code is provided in the response for sharing. - No file changes were detected outside of documentation updates.

v1.0.4

- Renamed the skill from "postme-deploy" to **"dele-deploy"**. - Clarified setup and usage instructions, including example calls and environment setup. - Expanded API parameters to include a short application description (`app_desc`). - Improved tool and Python implementation documentation for clarity and ease of integration.

元数据

Slug dele-deploy

版本 1.0.5

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题

Dele Deploy 是什么？

Deploy local HTML/frontend files to Dele (dele.fun) and get a live URL. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 123 次。

如何安装 Dele Deploy？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install dele-deploy」即可一键安装，无需额外配置。

Dele Deploy 是免费的吗？

是的，Dele Deploy 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Dele Deploy 支持哪些平台？

Dele Deploy 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Dele Deploy？

由 del-zhenwu（@del-zhenwu）开发并维护，当前版本 v1.0.5。

Dele Deploy