Pulse
22d9f5b21d
Novas skills instaladas: - openclaw-agent-browser v1.0.0 CLI Chromium — navegação, login, screenshots, state - skill-security-audit v1.0.0 SAST scanning, prompt injection, secrets audit - sql-toolkit v1.0.0 PostgreSQL/MySQL/SQLite — schema, query, otimização - file v1.0.0 Organização de arquivos por contexto - file-summary v1.0.0 Extração e resumo de PDFs, Word, Excel Workspace expandido: - TOOLS.md: +Browser automation, Security audit, SQL, File management - AGENTS.md: +Linux Analyst section (comandos, logs, rede, scripts) + Full-stack strategy - MEMORY.md: 16 skills indexadas, stack map, comandos Linux ref - SESSION-STATE.md: atualizado com contexto completo - lock.json: sincronizado com 16 skills instaladas
43 lines
1.6 KiB
Markdown
43 lines
1.6 KiB
Markdown
# Security Policy — xCloud Docker Deploy Skill
|
|
|
|
## Overview
|
|
|
|
This skill contains **no executable scripts**. It is a pure documentation and instruction set that guides AI agents to transform `docker-compose.yml` files for xCloud deployment.
|
|
|
|
## What This Skill Contains
|
|
|
|
| File | Type | Network Access | Code Execution |
|
|
|------|------|----------------|----------------|
|
|
| `SKILL.md` | Instructions | None | None |
|
|
| `references/*.md` | Reference docs | None | None |
|
|
| `assets/github-actions-build.yml` | Template (YAML) | None — template only | None |
|
|
| `examples/*.md` | Example docs | None | None |
|
|
|
|
## What This Skill Does NOT Do
|
|
|
|
- No scripts, binaries, or executables
|
|
- No network requests of any kind
|
|
- No file system modifications
|
|
- No subprocess calls
|
|
- No data collection or telemetry
|
|
|
|
## Generated Output Security
|
|
|
|
The skill guides AI agents to generate:
|
|
|
|
1. **Modified `docker-compose.yml`** — removes `build:` directives and proxy services. No security-sensitive changes.
|
|
2. **GitHub Actions workflow** — uses `GITHUB_TOKEN` (scoped to the repository, no extra permissions). The `packages: write` permission is required only to push to GHCR.
|
|
3. **`.env.example`** — lists variable names only, no values. Never hardcodes secrets.
|
|
|
|
## Reporting Vulnerabilities
|
|
|
|
If you find a security issue with this skill or its generated output, open an issue at:
|
|
https://github.com/Asif2BD/xCloud-Docker-Deploy-Skill/issues
|
|
|
|
## Provenance
|
|
|
|
- Source: https://github.com/Asif2BD/xCloud-Docker-Deploy-Skill
|
|
- ClawHub: https://clawhub.ai/Asif2BD/xcloud-docker-deploy
|
|
- Author: M Asif Rahman / Asif2BD
|
|
- Audited by: Oracle (Matrix Zion) — 2026-03-03
|