📦 Post Deployment Verifier

v1.0.0

Verify deployments are healthy after release — check endpoints, compare response schemas, validate metrics, run smoke tests, verify database migrations, and...

Security scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
The instructions broadly match a post-deployment checker, but the skill reads environment variables and system logs (docker, journalctl) without declaring that access — a mismatch that could expose secrets or access privileged system state.
Assessment and recommendations
This skill appears to implement useful post-deployment checks, but it performs broad environment and system scanning that is not declared. Before installing or letting an agent run it (especially autonomously or in production):
- Inspect the full SKILL.md (and any truncated parts) line-by-line and confirm there are no unexpected network destinations or exfil paths.
- Run the script manually in a safe staging environment to observe exactly what it reads (env, logs, files).
- Remove or restrict the 'env | grep' discovery if you do not want all environment var...
Detailed analysis
Purpose and capabilities
The declared purpose (health checks, response validation, metrics, migrations) lines up with the commands in SKILL.md (curl, response parsing, package.json/git lookup, docker logs, journalctl, docker-compose, k8s manifests). However, the skill also instructs general environment variable scanning and reading system logs and manifests, which expand its scope beyond a simple HTTP smoke test; these actions can be legitimate for a deployment verifier but should be explicitly declared.
Instruction scope
The runtime instructions instruct the agent to: enumerate environment variables (env | grep -iE "URL|HOST|ENDPOINT|SERVICE"), scan docker-compose and k8s yaml files, run curl against discovered endpoints, invoke python to fetch/parse JSON, run docker ps/logs, run journalctl/systemctl queries, and use git commands. The SKILL.md therefore reads environment variables and system logs and runs commands that can surface secrets or sensitive data. The skill's declared requirements list no environment access or binaries, so the instructions are broader than the declared surface.
Install mechanism
Instruction-only skill with no install spec and no code files. That minimizes disk-write/remote-install risk.
Credential requirements
No required environment variables are declared, but the script probes the environment for any variables matching common host/URL patterns. That is a mismatch: the skill silently reads all env vars and could capture connection strings, tokens, or other secrets. It also reads system-level logs (docker logs, journalctl) without declaring elevated access or required tools.
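
One way to close the mismatch described above is to read only variables that are declared by name, rather than grepping the whole environment, and to strip credentials before a URL is printed. This is an added example, not part of the skill or of the scan report; the function names and the variable names passed in are assumptions.

```shell
#!/bin/sh
# Added example: endpoint discovery restricted to explicitly declared variables.
# Function names and the variable names passed in are hypothetical.

# Strip credentials (user:pass@), query string and fragment from a URL so it is
# safe to print or log. Returns 1 for anything that is not an http(s) URL.
sanitize_url() {
  case "$1" in
    http://*|https://*) ;;
    *) return 1 ;;
  esac
  scheme=${1%%://*}
  rest=${1#*://}
  rest=${rest%%[?#]*}          # drop query string and fragment
  authority=${rest%%/*}
  path=${rest#"$authority"}
  authority=${authority##*@}   # drop userinfo (may hold a password or token)
  [ -n "$authority" ] || return 1
  printf '%s://%s%s\n' "$scheme" "$authority" "${path%/}"
}

# Read only the variables named in the arguments (never the whole environment)
# and print one sanitized base URL per line. Skips are reported on stderr.
discover_endpoints() {
  for name in "$@"; do
    case "$name" in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "skip: invalid variable name '$name'" >&2
        continue ;;
    esac
    value=$(printenv "$name") || continue   # unset: nothing to check
    sanitize_url "$value" || echo "skip: $name is not an http(s) URL" >&2
  done
}

# Usage (variable name is an assumption): discover_endpoints APP_BASE_URL
```

Variables that are not named in the call, such as a database connection string, are never read, and the declared list doubles as the skill's documented environment access.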
Persistence and privileges
always is false, and the skill does not request to modify other skills or system-wide configs. It does attempt operations (journalctl, docker logs, git) that may require elevated permissions, but it does not request persistent privileges or forced installation.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Install command

Official: npx clawhub@latest install post-deployment-verifier
Mirror: npx clawhub@latest install post-deployment-verifier --registry https://cn.longxiaskill.com

Skill documentation

Post-Deployment Verifier

After deploying, verify everything works before calling it done. Checks health endpoints, validates that response schemas match expectations, monitors error rates, verifies database state, and produces a confidence score.

Use when: "verify the deployment", "is the deploy healthy", "post-deploy checks", "deployment smoke test", "validate production", "deploy confidence check", or after any release.

Commands

  • verify — Full Post-Deployment Verification

Run all checks and produce a deployment confidence report.

Check 1: Health Endpoints

```bash
echo "=== Health Check ==="

# Discover health endpoints from config
ENDPOINTS=""

# From environment variables (-f2- keeps values that themselves contain '=')
for var in $(env | grep -iE "URL|HOST|ENDPOINT|SERVICE" | cut -d= -f2-); do
  if echo "$var" | grep -qE "^https?://"; then
    ENDPOINTS="$ENDPOINTS $var/health $var/healthz $var/ready $var/status"
  fi
done

# From docker-compose (-z lets the pattern span the newline after "ports:")
for compose in docker-compose.yml docker-compose.yaml; do
  [ -f "$compose" ] || continue
  PORTS=$(grep -ozP 'ports:\s*\n\s*-\s*"\K[0-9]+' "$compose" 2>/dev/null | tr '\0' '\n' | head -5)
  for port in $PORTS; do
    ENDPOINTS="$ENDPOINTS http://localhost:$port/health http://localhost:$port/healthz"
  done
done

# From kubernetes (prints matching readiness probe paths)
rg -o "readinessProbe:.*path:\s*(\S+)" -g '*.yaml' -g '*.yml' 2>/dev/null | head -5

# Check each endpoint; the response body goes to a private temp file
BODY_FILE=$(mktemp)
for endpoint in $ENDPOINTS; do
  RESPONSE=$(curl -s -o "$BODY_FILE" -w "%{http_code} %{time_total}s" --connect-timeout 5 --max-time 10 "$endpoint" 2>/dev/null)
  HTTP_CODE=$(echo "$RESPONSE" | awk '{print $1}')
  TIME=$(echo "$RESPONSE" | awk '{print $2}')

  if [ "$HTTP_CODE" = "200" ]; then
    echo "✅ $endpoint → $HTTP_CODE (${TIME})"
  elif [ "$HTTP_CODE" = "000" ]; then
    echo "❌ $endpoint → UNREACHABLE"
  else
    echo "⚠️ $endpoint → $HTTP_CODE (${TIME})"
    head -3 "$BODY_FILE" 2>/dev/null
  fi
done
rm -f "$BODY_FILE"
```

Check 2: Response Validation

```bash
echo ""
echo "=== Response Validation ==="

# Check key API endpoints return expected structure
# Read endpoints from a .deploy-verify.json config file if it exists
if [ -f ".deploy-verify.json" ]; then
  python3 -c "
import json, urllib.request, sys

config = json.load(open('.deploy-verify.json'))
for check in config.get('endpoints', []):
    url = check['url']
    expected_status = check.get('status', 200)
    expected_fields = check.get('fields', [])
    method = check.get('method', 'GET')

    try:
        req = urllib.request.Request(url, method=method)
        for k, v in check.get('headers', {}).items():
            req.add_header(k, v)
        resp = urllib.request.urlopen(req, timeout=10)
        status = resp.status
        body = json.loads(resp.read())

        if status != expected_status:
            print(f'⚠️ {method} {url} → {status} (expected {expected_status})')
        else:
            missing = [f for f in expected_fields if f not in body]
            if missing:
                print(f'⚠️ {method} {url} → {status} OK but missing fields: {missing}')
            else:
                print(f'✅ {method} {url} → {status}, all expected fields present')
    except Exception as e:
        print(f'❌ {method} {url} → {e}')
" 2>/dev/null
else
  echo "No .deploy-verify.json config found. Create one for automated response validation."
  echo "Example:"
  echo ' {"endpoints": [{"url": "https://api.example.com/v1/status", "status": 200, "fields": ["version", "status"]}]}'
fi
```

Check 3: Version Verification

```bash
echo ""
echo "=== Version Check ==="

# Get expected version from package.json or git tag
EXPECTED_VERSION=""
if [ -f "package.json" ]; then
  EXPECTED_VERSION=$(python3 -c "import json; print(json.load(open('package.json')).get('version',''))" 2>/dev/null)
fi
[ -z "$EXPECTED_VERSION" ] && EXPECTED_VERSION=$(git describe --tags --abbrev=0 2>/dev/null | sed 's/^v//')
echo "Expected version: ${EXPECTED_VERSION:-unknown}"

# Check deployed version via health/status endpoint
for endpoint in $ENDPOINTS; do
  BODY=$(curl -s --connect-timeout 5 "$endpoint" 2>/dev/null)
  DEPLOYED=$(echo "$BODY" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('version',d.get('app_version',d.get('build','?'))))" 2>/dev/null)
  if [ -n "$DEPLOYED" ] && [ "$DEPLOYED" != "?" ]; then
    if [ "$DEPLOYED" = "$EXPECTED_VERSION" ]; then
      echo "✅ Deployed version matches: $DEPLOYED"
    else
      echo "⚠️ Version mismatch: deployed=$DEPLOYED, expected=$EXPECTED_VERSION"
    fi
  fi
done
```

Check 4: Error Rate Monitoring

```bash
echo ""
echo "=== Error Monitoring ==="

# Check recent application logs for errors
if command -v docker &>/dev/null; then
  echo "--- Docker container logs (last 5 min) ---"
  for container in $(docker ps --format "{{.Names}}" 2>/dev/null); do
    ERRORS=$(docker logs --since 5m "$container" 2>&1 | grep -ciE "error|exception|fatal|panic" 2>/dev/null)
    if [ "$ERRORS" -gt 0 ]; then
      echo "⚠️ $container: $ERRORS errors in last 5 minutes"
      docker logs --since 5m "$container" 2>&1 | grep -iE "error|exception|fatal|panic" | tail -3
    # (the page's listing is cut off at the start of this check's else branch)
    fi
  done
fi
```

Data source: ClawHub · Chinese localization: 龙虾技能库