📦 Environment Promoter

v1.0.0

Manage environment promotions (dev → staging → prod) — compare configs between environments, detect drift, generate promotion plans, validate prerequisites,...

Security scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
The skill's instructions generally match an environment-promotion purpose, but they directly read and print repository config and .env files (with a flawed masking approach) which risks exposing secrets and is sloppy about required tools.
Assessment recommendations
This skill appears to do what it claims (compare envs, detect drift, plan promotions), but it will search your repository and read .env and config files — potentially printing secret values. Before using it: (1) review and, if needed, fix the masking logic (mask by key name and never print raw secret values), (2) run it only on sanitized copies of repos that do not contain live secrets, (3) ensure required CLI tools (python3, git, ripgrep 'rg') are available or update scripts to degrade gracefully, and (4) avoid granting...
Detailed analysis
Purpose and capabilities
Name/description (compare envs, detect drift, plan promotions) aligns with the commands in SKILL.md: it scans .env files, k8s/manifests, docker-compose, Terraform, and git tags — all reasonable for an environment promotion tool.
Instruction scope
The instructions tell the agent to search the repository and read/print .env files and config manifests. That is within scope, but the provided scripts print actual values and rely on an inline Python mask function that only inspects values (not key names) for sensitive substrings — so secrets in common .env keys are likely to be exposed. The scripts also call utilities (rg, python3, git) without declaring them, and use broad find/grep across the workspace.
Install mechanism
No install spec and no code files are included (instruction-only). This minimizes installation risk because nothing is downloaded or written by the skill itself.
Credential requirements
The skill requests no credentials but the runtime instructions access repository files and environment variable files that commonly contain secrets (API keys, DB passwords). Not requesting credentials is coherent, but the behavior of reading and printing those files is high-risk and disproportionate unless the user explicitly runs it on sanitized or non-sensitive checkouts.
Persistence and privileges
always:false and no installs or system-wide config changes are requested. The skill does not request persistent presence or modify other skills; autonomous invocation is allowed (platform default) but not combined with other privilege escalations here.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Install command

Official: npx clawhub@latest install environment-promoter
Mirror: npx clawhub@latest install environment-promoter --registry https://cn.longxiaskill.com

Skill documentation

Environment Promoter

Safely promote deployments and configurations across environments. Detects config drift, validates promotion prerequisites, generates diff reports, and provides rollback plans.

Use when: "promote to staging", "compare environments", "check config drift", "is staging in sync with dev", "deploy to production checklist", "environment diff", or managing multi-environment deployments.

Commands

  • compare — Compare Two Environments

Diff configuration, environment variables, and deployment state between environments.

Environment Variable Comparison

    # Compare .env files across environments
    ENV_SOURCE="${1:-.env.development}"
    ENV_TARGET="${2:-.env.staging}"

    if [ ! -f "$ENV_SOURCE" ] || [ ! -f "$ENV_TARGET" ]; then
      echo "Looking for environment files..."
      find . -maxdepth 3 -name ".env*" -not -path '*/node_modules/*' 2>/dev/null | sort
    fi

    python3 -c "
    import sys

    def parse_env(path):
        vars = {}
        try:
            for line in open(path):
                line = line.strip()
                if not line or line.startswith('#'):
                    continue
                if '=' in line:
                    key, val = line.split('=', 1)
                    vars[key.strip()] = val.strip().strip('\"').strip(\"'\")
        except FileNotFoundError:
            print(f'File not found: {path}')
        return vars

    source = parse_env('$ENV_SOURCE')
    target = parse_env('$ENV_TARGET')

    all_keys = sorted(set(source.keys()) | set(target.keys()))

    added = [k for k in all_keys if k in source and k not in target]
    removed = [k for k in all_keys if k not in source and k in target]
    changed = [k for k in all_keys if k in source and k in target and source[k] != target[k]]
    same = [k for k in all_keys if k in source and k in target and source[k] == target[k]]

    # Mask sensitive values (the check looks at the value text, not the key name)
    def mask(val):
        sensitive = ['KEY', 'SECRET', 'TOKEN', 'PASSWORD', 'PASS', 'AUTH', 'CREDENTIAL']
        if any(s in val.upper() for s in sensitive) and len(val) > 4:
            return val[:2] + '*' + val[-2:]
        return val

    print(f'Comparing: $ENV_SOURCE → $ENV_TARGET')
    print(f'Total keys: {len(all_keys)} | Same: {len(same)} | Changed: {len(changed)} | Added: {len(added)} | Missing in target: {len(removed)}')
    print()

    if added:
        print('🟢 In source, missing in target (need to add):')
        for k in added:
            print(f'  + {k}={mask(source[k])}')
        print()

    if removed:
        print('🔴 In target, missing in source (may need removal):')
        for k in removed:
            print(f'  - {k}={mask(target[k])}')
        print()

    if changed:
        print('🟡 Different values:')
        for k in changed:
            print(f'  ~ {k}:')
            print(f'      source: {mask(source[k])}')
            print(f'      target: {mask(target[k])}')
    " 2>/dev/null
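The scan report above notes that the inline mask function inspects values rather than key names. The following is an added example, not the skill's own code, that puts that value-based check beside redaction decided by key name; the function names `mask_by_value`, `redact` and `diff_line`, the per-run HMAC fingerprint, and the sample entries are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Same substrings the skill's mask() uses, but applied to key names here.
SENSITIVE = ("KEY", "SECRET", "TOKEN", "PASSWORD", "PASS", "AUTH", "CREDENTIAL")

# Per-run random key: fingerprints are comparable within one run only, so a
# printed fingerprint cannot be used to confirm password guesses offline.
_RUN_KEY = secrets.token_bytes(32)


def mask_by_value(val):
    """Behaviour the scan report describes: only the value text is inspected."""
    if any(s in val.upper() for s in SENSITIVE) and len(val) > 4:
        return val[:2] + "*" + val[-2:]
    return val


def is_sensitive_key(key):
    return any(s in key.upper() for s in SENSITIVE)


def redact(key, val):
    """Decide by key name and never emit any character of a sensitive value."""
    if not is_sensitive_key(key):
        return val
    tag = hmac.new(_RUN_KEY, val.encode(), hashlib.sha256).hexdigest()[:8]
    return f"<redacted:{tag}>"


def diff_line(key, source_val, target_val):
    """One drift line that is safe to print."""
    if source_val == target_val:
        return f"= {key}"
    return f"~ {key}: {redact(key, source_val)} -> {redact(key, target_val)}"


# Constructed sample entries, not taken from any real repository.
SAMPLE_SOURCE = {"DB_PASSWORD": "hunter2-dev", "LOG_LEVEL": "debug"}
SAMPLE_TARGET = {"DB_PASSWORD": "Tr0ub4dor&3", "LOG_LEVEL": "info"}

if __name__ == "__main__":
    for k in sorted(SAMPLE_SOURCE):
        print(f"value-based mask: {k}={mask_by_value(SAMPLE_SOURCE[k])}")
        print(diff_line(k, SAMPLE_SOURCE[k], SAMPLE_TARGET[k]))
```

A name list is a floor: a connection string stored under a key such as DATABASE_URL matches none of these substrings, so extend the list per project.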

Deployment Config Comparison

    # Compare Kubernetes manifests
    if [ -d "k8s" ] || [ -d "kubernetes" ] || [ -d "deploy" ]; then
      DEPLOY_DIR=$(ls -d k8s kubernetes deploy 2>/dev/null | head -1)
      echo "=== Kubernetes Config Diff ==="

      for env in dev staging prod production; do
        if [ -d "$DEPLOY_DIR/$env" ] || [ -d "$DEPLOY_DIR/overlays/$env" ]; then
          echo "Found environment: $env"
        fi
      done

      # Compare image versions
      rg -n "image:" "$DEPLOY_DIR/" 2>/dev/null | sort
    fi

    # Compare docker-compose files
    for env in development staging production; do
      if [ -f "docker-compose.$env.yml" ] || [ -f "docker-compose.$env.yaml" ]; then
        echo "Found: docker-compose.$env.yml"
      fi
    done

    # Compare Terraform workspaces
    if [ -d "terraform" ] || [ -f "main.tf" ]; then
      echo "=== Terraform Environments ==="
      find . -name "*.tfvars" -not -path '*/.terraform/*' 2>/dev/null | sort
    fi

  • drift — Detect Configuration Drift

Check if environments have diverged from their expected state.

    echo "=== Drift Detection ==="

    # Compare container image versions across environments
    echo "--- Image Versions ---"
    for env_file in $(find . -name "*.yml" -o -name "*.yaml" | grep -E "(dev|stag|prod|deploy)" | grep -v node_modules); do
      IMAGES=$(grep -oP 'image:\s*\K\S+' "$env_file" 2>/dev/null)
      if [ -n "$IMAGES" ]; then
        echo "$env_file:"
        echo "$IMAGES" | while read -r img; do echo "  $img"; done
      fi
    done

    # Compare replicas/resources across environments
    echo "--- Resource Drift ---"
    for env_file in $(find . -name "*.yml" -o -name "*.yaml" | grep -E "(dev|stag|prod|deploy)" | grep -v node_modules); do
      REPLICAS=$(grep -oP 'replicas:\s*\K\d+' "$env_file" 2>/dev/null)
      if [ -n "$REPLICAS" ]; then
        echo "$env_file: replicas=$REPLICAS"
      fi
    done

    # Check git tags — what version is deployed where
    echo "--- Deployed Versions ---"
    git tag -l "staging-*" 2>/dev/null | sort -V | tail -3
    git tag -l "production-*" 2>/dev/null | sort -V | tail -3

Analyze drift with AI reasoning: which differences are intentional (environment-specific settings) vs accidental (forgot to promote a config change).

  • plan — Generate Promotion Plan

Create a step-by-step plan to promote from source to target environment.

# Promotion Plan: staging → production
Generated: [date]

Prerequisites

  • [ ] All
Data source: ClawHub ↗ · Chinese localization: 龙虾技能库