Roberto/pulse-libs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2b190c85d1bbf5492326a054084ea0186620016c
pulse-libs/skills/xcloud-docker-deploy/SECURITY.md
T
Pulse 22d9f5b21d feat: skill expansion — browser, security, SQL, files (16 skills total) 
Novas skills instaladas:
- openclaw-agent-browser   v1.0.0  CLI Chromium — navegação, login, screenshots, state
- skill-security-audit    v1.0.0  SAST scanning, prompt injection, secrets audit
- sql-toolkit             v1.0.0  PostgreSQL/MySQL/SQLite — schema, query, otimização
- file                    v1.0.0  Organização de arquivos por contexto
- file-summary            v1.0.0  Extração e resumo de PDFs, Word, Excel

Workspace expandido:
- TOOLS.md: +Browser automation, Security audit, SQL, File management
- AGENTS.md: +Linux Analyst section (comandos, logs, rede, scripts) + Full-stack strategy
- MEMORY.md: 16 skills indexadas, stack map, comandos Linux ref
- SESSION-STATE.md: atualizado com contexto completo
- lock.json: sincronizado com 16 skills instaladas
2026-05-19 20:51:05 -03:00

1.6 KiB
Raw Blame History

Security Policy — xCloud Docker Deploy Skill

Overview

This skill contains no executable scripts. It is a pure documentation and instruction set that guides AI agents to transform docker-compose.yml files for xCloud deployment.

What This Skill Contains

File Type Network Access Code Execution
SKILL.md Instructions None None
references/*.md Reference docs None None
assets/github-actions-build.yml Template (YAML) None — template only None
examples/*.md Example docs None None

What This Skill Does NOT Do

  • No scripts, binaries, or executables
  • No network requests of any kind
  • No file system modifications
  • No subprocess calls
  • No data collection or telemetry

Generated Output Security

The skill guides AI agents to generate:

  1. Modified docker-compose.yml — removes build: directives and proxy services. No security-sensitive changes.
  2. GitHub Actions workflow — uses GITHUB_TOKEN (scoped to the repository, no extra permissions). The packages: write permission is required only to push to GHCR.
  3. .env.example — lists variable names only, no values. Never hardcodes secrets.

Reporting Vulnerabilities

If you find a security issue with this skill or its generated output, open an issue at: https://github.com/Asif2BD/xCloud-Docker-Deploy-Skill/issues

Provenance

Reference in New Issue View Git Blame Copy Permalink