📦 Sigmaflow Deploy — Deploy the Trading Frontend

v1.0.0

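Builds the SigmaFlow SvelteKit trading frontend and pushes it to a Git repository in one step. Suited to continuous deployment after each feature iteration, fix, or configuration update.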

by @sirenday (Vitali Sakalouski)
Last updated: 2026/4/20
Security scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Assessment and recommendations
This skill appears to perform a legitimate deployment, but it embeds a plaintext Git token (and Git URL) directly in scripts rather than using declared environment variables or secret management. Before installing or running: (1) do not use the embedded token—replace it with a properly scoped token stored in an env var or secret store and update the script/metadata to declare that env var; (2) verify the token's scope and rotate it if you suspect it was leaked; (3) review the repository being cl...
Detailed analysis
Purpose and capabilities
The name, description, SKILL.md, and scripts/deploy.sh are consistent: they clone, build, commit, and push a SvelteKit frontend to a GitLab instance. However, the script contains an embedded repository URL and a long token; the skill metadata declares no required environment variables or credentials — storing credentials in the script instead of declaring them is a mismatch and unnecessary for the stated purpose.
Instruction scope
The runtime instructions and included script stay within deployment scope: cloning/updating the repo, npm install, npm run build, git add/commit/push. The script does not attempt to read unrelated system files or contact unexpected external endpoints beyond the stated GitLab host. Note: npm install and build will execute code from the repo's dependencies (normal for builds but a supply-chain risk).
Install mechanism
There is no install spec and the skill is instruction-only with a single shell script. No arbitrary downloads from untrusted URLs are performed by the skill itself. The only network operations are git clone/push to the declared git.homelab host and npm fetches as part of a normal build.
Credential requirements
The deploy.sh script hardcodes a Git URL and a long secret token (TOKEN) inside the script rather than declaring a required credential or using environment variables. The skill metadata lists no required env vars or primary credential, so the presence of a plaintext credential in code is disproportionate and inconsistent with the metadata. Hardcoded tokens are high-risk (easy to leak or accidentally commit elsewhere).
Persistence and privileges
The skill does not request persistent/always-on privileges (always: false) and does not modify other skills or system-wide agent settings. The agent can invoke it autonomously (default) which is normal, but if allowed to run autonomously it would have network access to the Git host and the embedded token—combine with the credential concern above when deciding permissions.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Versions

latest · v1.0.0 · 2026/3/16 · Suspicious

Install command

Official: npx clawhub@latest install sigmaflow-deploy
Mirror: npx clawhub@latest install sigmaflow-deploy --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库