← 返回 Skills 市场
Shadows Deploy Guardian
作者
NakedoShadow
· GitHub ↗
· v1.1.0
375
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install shadows-deploy-guardian
功能描述
Pre-deployment verification checklist — tests, types, build, secrets scan, environment validation. Use before pushing to production or staging.
安全使用建议
This skill appears to be what it says — a pre-deployment checklist — but it will run your repo's tests/builds/linters and inspect git history. Those operations can execute arbitrary code from the repository and may print secret-like strings to stdout. Before installing or invoking: 1) run it on a cloned or sandboxed copy (not directly in a production environment); 2) ensure CI/runner environment isolates network and credentials; 3) be aware the secrets-scan uses grep and can echo matched text to logs — use a dedicated secret scanner (gitleaks/detect-secrets) for production-sensitive work; 4) note minor docs issues (it references DEPLOY_URL and Docker but Docker isn't listed in required bins, and 'docker build --dry-run' is not a standard docker flag) — review and adapt the commands to your environment before running. If you want higher assurance, request a version with explicit opt-in checks and no direct stdout of potential secrets.
功能分析
Type: OpenClaw Skill
Name: shadows-deploy-guardian
Version: 1.1.0
The skill provides a pre-deployment verification framework that executes high-risk operations, including running arbitrary project scripts (e.g., 'npm test', 'cargo build') and making outbound network requests via 'curl' to user-defined URLs in SKILL.md. While these actions are clearly aligned with the stated purpose and the documentation includes explicit security warnings regarding sandboxing and secret exposure in logs, the inherent risk of remote code execution and network access from untrusted repositories meets the threshold for a suspicious classification.
能力评估
Purpose & Capability
Name and description describe a pre-deploy checklist (tests, lint, build, secrets scan, env validation) and the SKILL.md implements those gates directly. Required binaries (git + one of npm/python/cargo) are consistent with detecting and exercising common project toolchains.
Instruction Scope
The instructions explicitly run tests, builds, linters and git history scans; these are expected for a pre-deploy tool but also mean the agent will execute repository code and parse commit history. The SKILL.md itself warns about sandboxing. Also Gate 6 references $DEPLOY_URL (optional) and the secrets-scan grep will print matched lines to stdout — outputs may contain secret-like strings and could be logged/shared.
Install Mechanism
No install spec and no code files — instruction-only skill. This reduces install-time risk because nothing is downloaded or written by the skill itself.
Credentials
The skill declares no required environment variables (reasonable), but the instructions reference an optional $DEPLOY_URL and .env/.env.example handling. This is a minor inconsistency (uses optional env vars without declaring them), and the instructions may surface secret-like values in output. The skill does not request any credentials or secrets itself.
Persistence & Privilege
always is false, disable-model-invocation is not set (normal), and there are no config paths or claims of persistent system modification. The skill does not request permanent presence or elevated privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install shadows-deploy-guardian - 安装完成后,直接呼叫该 Skill 的名称或使用
/shadows-deploy-guardian触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
HIGH TRUST: full bins+anyBins declaration, PREREQUISITES with toolchain detection, SECURITY CONSIDERATIONS, concrete Gate 6, sandboxing guidance
v1.0.0
Initial release of Deploy Guardian — a comprehensive pre-deployment checklist.
- Introduces a 6-gate protocol: Git status, tests, type/lint check, build, secrets scan, environment validation.
- Offers step-by-step verification commands and manual checks for each gate.
- Defines clear PASS/FAIL criteria; any failure blocks deployment.
- Provides a structured markdown output report summarizing results and blockers.
- Enforces strict protocols on secrets, tests, and deployment safety.
- Designed for use before pushing code to production or staging.
元数据
常见问题
Shadows Deploy Guardian 是什么?
Pre-deployment verification checklist — tests, types, build, secrets scan, environment validation. Use before pushing to production or staging. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 375 次。
如何安装 Shadows Deploy Guardian?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install shadows-deploy-guardian」即可一键安装,无需额外配置。
Shadows Deploy Guardian 是免费的吗?
是的,Shadows Deploy Guardian 完全免费(开源免费),可自由下载、安装和使用。
Shadows Deploy Guardian 支持哪些平台?
Shadows Deploy Guardian 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux, win32)。
谁开发了 Shadows Deploy Guardian?
由 NakedoShadow(@nakedoshadow)开发并维护,当前版本 v1.1.0。
推荐 Skills