← 返回 Skills 市场
Post Deployment Verifier
作者
charlie-morrison
· GitHub ↗
· v1.0.0
· MIT-0
45
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install post-deployment-verifier
功能描述
Verify deployments are healthy after release — check endpoints, compare response schemas, validate metrics, run smoke tests, verify database migrations, and...
安全使用建议
This skill appears to implement useful post-deploy checks, but it performs broad environment and system scanning that is not declared. Before installing or letting an agent run it (especially autonomously or in production):
- Inspect the full SKILL.md (and any truncated parts) line-by-line and confirm there are no unexpected network destinations or exfil paths.
- Run the script manually in a safe staging environment to observe exactly what it reads (env, logs, files).
- Remove or restrict the 'env | grep' discovery if you do not want all environment variables examined; prefer an explicit config (.deploy-verify.json) listing endpoints.
- Ensure the agent runs with minimal privileges (non-root) so journalctl/docker logs are limited, or run checks that don't require elevated access.
- Ask the publisher for source/homepage and to declare required env vars and tools (docker, journalctl, rg, python3, git) so you can make an informed consent decision.
If you cannot review or confine its runtime, avoid running this skill in production where environment variables or logs may contain secrets.
功能分析
Type: OpenClaw Skill
Name: post-deployment-verifier
Version: 1.0.0
The skill is a post-deployment verification utility designed to automate health checks, response schema validation, and resource monitoring. It uses standard system tools like curl, docker, and journalctl to inspect service status and logs (SKILL.md). While it scans environment variables for service URLs, it includes safety checks to ensure only HTTP/S endpoints are targeted, and its behavior remains strictly aligned with its stated purpose of deployment verification.
能力评估
Purpose & Capability
The declared purpose (health checks, response validation, metrics, migrations) lines up with the commands in SKILL.md (curl, response parsing, package.json/git lookup, docker logs, journalctl, docker-compose, k8s manifests). However the skill also instructs general environment variable scanning and reading system logs and manifests which expand its scope beyond a simple HTTP smoke-test; these actions can be legitimate for a deployment verifier but should be explicitly declared.
Instruction Scope
The runtime instructions instruct the agent to: enumerate environment variables (env | grep -iE "URL|HOST|ENDPOINT|SERVICE"), scan docker-compose and k8s yaml files, run curl against discovered endpoints, invoke python to fetch/parse JSON, run docker ps/logs, run journalctl/systemctl queries, and use git commands. The SKILL.md therefore reads environment variables and system logs and runs commands that can surface secrets or sensitive data. The skill's declared requirements list no environment access or binaries, so the instructions are broader than the declared surface.
Install Mechanism
Instruction-only skill with no install spec and no code files. That minimizes disk-write/remote-install risk.
Credentials
No required environment variables are declared, but the script probes the environment for any variables matching common host/URL patterns. That is a mismatch: the skill silently reads all env vars and could capture connection strings, tokens, or other secrets. It also reads system-level logs (docker logs, journalctl) without declaring elevated access or required tools.
Persistence & Privilege
always is false, and the skill does not request to modify other skills or system-wide configs. It does attempt operations (journalctl, docker logs, git) that may require elevated permissions, but it does not request persistent privileges or forced installation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install post-deployment-verifier - 安装完成后,直接呼叫该 Skill 的名称或使用
/post-deployment-verifier触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Post-Deployment Verifier v1.0.0
- Initial release.
- Verifies deployment health by checking service endpoints, response schemas, metrics, error rates, database migrations, and resource usage.
- Provides a full post-deployment verification (`verify`), a fast health check (`quick`), config generation (`config`), and a deployment confidence report (`report`).
- Supports Docker, Kubernetes, Node.js (Prisma, TypeORM, Sequelize), Django, and Rails environments.
元数据
常见问题
Post Deployment Verifier 是什么?
Verify deployments are healthy after release — check endpoints, compare response schemas, validate metrics, run smoke tests, verify database migrations, and... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 45 次。
如何安装 Post Deployment Verifier?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install post-deployment-verifier」即可一键安装,无需额外配置。
Post Deployment Verifier 是免费的吗?
是的,Post Deployment Verifier 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Post Deployment Verifier 支持哪些平台?
Post Deployment Verifier 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Post Deployment Verifier?
由 charlie-morrison(@charlie-morrison)开发并维护,当前版本 v1.0.0。
推荐 Skills