📦 Agent Deployment Checklist

v98.0.1

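A production-grade deployment checklist for AI agent infrastructure, covering a 5-layer stack on Mac Mini and servers: base installation, IAM configuration, client software, runtime environment, and monitoring, so that nothing is missed at go-live.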

Last updated: 2026/3/17
Security scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
The checklist largely matches its stated purpose (deploying agent infrastructure), but there are inconsistent instructions about credentials and some operational steps (network installers, unclear 3rd‑party installs) that deserve scrutiny before use.
Assessment recommendations
This checklist appears to be a reasonable deployment playbook, but do not follow it blindly. Before running any provided scripts: 1) Verify the origin of install scripts (Homebrew, nvm, OpenClaw/Claude installers) and prefer vendor-signed releases or package managers you trust; avoid piping remote scripts into a shell without review. 2) Use least-privilege API keys and OAuth tokens; prefer a secrets manager over plaintext .env files when possible. If you must use a .env, enforce strict permission...
Detailed analysis
Purpose and capabilities
Name and description align with the checklist contents: base OS setup, IAM/configuration, client-specific installs, security hardening and onboarding. Requested actions (installing Homebrew, nvm, Python, configuring API keys, connecting client services like QuickBooks/GitHub/Anthropic) are appropriate for an agent deployment checklist.
Instruction scope
SKILL.md contains concrete shell scripts and manual steps that will be executed by operators. It instructs live API calls to test API keys and to create a ~/.openclaw/workspace and git init. There is a direct contradiction: it says 'API keys stored in environment variables (never in files)' and also instructs creating a '.env' file with chmod 600. The document also references 'sacred' files (SOUL, IDENTITY, USER, AGENTS) without clear handling guidance. These inconsistencies broaden the agent operator's discretion and risk accidental exposure of secrets if followed blindly.
Install mechanism
Skill is instruction-only (no install spec), which reduces static risk, but provided scripts call network installers (curl to raw.githubusercontent.com to install Homebrew, brew installs, nvm installs). Using remote install scripts (curl|bash patterns) is common but increases risk if sources aren't verified. 'Claude Code installed and licensed' and 'OpenClaw CLI installed' are referenced without authoritative install URLs or verification guidance.
Credential requirements
Although no env vars are declared in metadata, the checklist expects many credentials (Anthropic, OpenAI possibly, GitHub/GitLab tokens, MCP server credentials, QuickBooks, OAuth tokens, etc.). That breadth is expected for multi-client deployments, but it increases the attack surface and requires careful policy: the file contradicts itself about never storing keys in files vs creating a .env file. The checklist also instructs testing keys with live API calls which is reasonable but implies handling and transmission of secrets to external endpoints—operators should ensure use of least-privilege keys and secure storage (secret manager) rather than plaintext .env when possible.
Persistence and privileges
Metadata shows no always:true and no install artifacts embedded in the skill; it's user-invocable only. The skill does not request modification of other skills or system-wide agent settings. Persistence is limited to operator actions described in the instructions (creating workspace, installing packages).
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Versions

latest · v98.0.1 · 2026/3/16

Corrected display name

Pending

Install command

Official: npx clawhub@latest install agent-deployment-checklist
Mirror (accelerated): npx clawhub@latest install agent-deployment-checklist --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese optimization: 龙虾技能库