Deploy web apps with backend APIs, database, file storage, AI operations, authentication, realtime, and cron jobs. Use when the user asks to deploy or publis...
Security Analysis
Medium confidence

The skill's requirements and instructions are internally consistent with a deployment tool, but it will create/register API keys and upload project files to an external endpoint you should verify and trust before use.
Name/description match the instructions: the SKILL.md describes calling an AppDeploy HTTP API to get templates, upload files, and manage deployments. It does not request unrelated credentials, binaries, or system paths.
Instructions stay within deployment scope (look for .appdeploy in project root, register an API key with api-v2.appdeploy.ai, send files and diffs). This necessarily requires reading project files and transmitting them to the AppDeploy endpoint — expected for a deploy tool but a privacy/exfiltration vector you should consider. The skill also requires calling get_deploy_instructions before generating code (reasonable).
No install spec and no code files—instruction-only—so nothing is written to disk by an installer. Low install risk.
No environment variables or unrelated credentials are requested. The skill uses an API key stored in a local .appdeploy file, which is appropriate for a hosted deployment service.
The skill is not always-enabled and does not ask to modify other skills or system settings. It can be invoked autonomously (platform default) which, combined with its ability to upload files, is something you should control via agent permissions but is not inherently incoherent.
Guidance
This skill appears to do what it says (deploy apps) and doesn't request unrelated secrets, but it will: (1) call an external API at api-v2.appdeploy.ai, (2) create/register an API key for you, and (3) upload project files. Before installing or invoking it, verify you trust the AppDeploy service (look for a homepage, docs, or organization), and review what files the agent will send. Prefer running on non-sensitive/test projects first. Be cautious about allowing autonomous invocation — require explicit user approval before the agent registers keys or uploads code. Ensure .gitignore includes .appdeploy and that saved API keys are stored only where you intend. If you need higher assurance, ask the skill author for a homepage, privacy/terms, or an official SDK/release URL to validate the service identity.
Latest Release
v1.0.7
- Added LICENSE.txt file to the repository.
- Updated skill description to include AI operations, authentication, realtime, and cron jobs.
- Enhanced the deploy_app tool with required model and intent parameters.
- Improved get_app_status tool: added an optional 'limit' parameter for log retrieval.
- Bumped skill version to 1.0.7.
Published by @avimak on ClawHub