Skip to main content

land-and-deploy

Automates the land and deploy workflow, merging PRs, managing CI, and verifying production health through canary checks.

Install this skill

or
0/100

Security score

The land-and-deploy skill was audited on Jun 3, 2026 and we found 66 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 22

Template literal with variable interpolation in command context

SourceSKILL.md
22```bash
medium line 261

Template literal with variable interpolation in command context

SourceSKILL.md
261```bash
medium line 661

Template literal with variable interpolation in command context

SourceSKILL.md
661```bash
medium line 860

Template literal with variable interpolation in command context

SourceSKILL.md
860```bash
medium line 526

Curl to non-GitHub URL

SourceSKILL.md
526curl -fsSL "https://bun.sh/install" -o "$tmpfile"
low line 23

Access to hidden dotfiles in home directory

SourceSKILL.md
23_UPD=$(~/.claude/skills/gstack/bin/gstack-update-check 2>/dev/null || .claude/skills/gstack/bin/gstack-update-check 2>/dev/null || true)
low line 25

Access to hidden dotfiles in home directory

SourceSKILL.md
25mkdir -p ~/.gstack/sessions
low line 26

Access to hidden dotfiles in home directory

SourceSKILL.md
26touch ~/.gstack/sessions/"$PPID"
low line 27

Access to hidden dotfiles in home directory

SourceSKILL.md
27_SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ')
low line 28

Access to hidden dotfiles in home directory

SourceSKILL.md
28find ~/.gstack/sessions -mmin +120 -type f -exec rm {} + 2>/dev/null || true
low line 29

Access to hidden dotfiles in home directory

SourceSKILL.md
29_PROACTIVE=$(~/.claude/skills/gstack/bin/gstack-config get proactive 2>/dev/null || echo "true")
low line 30

Access to hidden dotfiles in home directory

SourceSKILL.md
30_PROACTIVE_PROMPTED=$([ -f ~/.gstack/.proactive-prompted ] && echo "yes" || echo "no")
low line 33

Access to hidden dotfiles in home directory

SourceSKILL.md
33_SKILL_PREFIX=$(~/.claude/skills/gstack/bin/gstack-config get skill_prefix 2>/dev/null || echo "false")
low line 37

Access to hidden dotfiles in home directory

SourceSKILL.md
37source <(~/.claude/skills/gstack/bin/gstack-repo-mode 2>/dev/null) || true
low line 40

Access to hidden dotfiles in home directory

SourceSKILL.md
40_LAKE_SEEN=$([ -f ~/.gstack/.completeness-intro-seen ] && echo "yes" || echo "no")
low line 42

Access to hidden dotfiles in home directory

SourceSKILL.md
42_TEL=$(~/.claude/skills/gstack/bin/gstack-config get telemetry 2>/dev/null || true)
low line 43

Access to hidden dotfiles in home directory

SourceSKILL.md
43_TEL_PROMPTED=$([ -f ~/.gstack/.telemetry-prompted ] && echo "yes" || echo "no")
low line 48

Access to hidden dotfiles in home directory

SourceSKILL.md
48mkdir -p ~/.gstack/analytics
low line 50

Access to hidden dotfiles in home directory

SourceSKILL.md
50echo '{"skill":"land-and-deploy","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/s
low line 53

Access to hidden dotfiles in home directory

SourceSKILL.md
53for _PF in $(find ~/.gstack/analytics -maxdepth 1 -name '.pending-*' 2>/dev/null); do
low line 55

Access to hidden dotfiles in home directory

SourceSKILL.md
55if [ "$_TEL" != "off" ] && [ -x "~/.claude/skills/gstack/bin/gstack-telemetry-log" ]; then
low line 56

Access to hidden dotfiles in home directory

SourceSKILL.md
56~/.claude/skills/gstack/bin/gstack-telemetry-log --event-type skill_run --skill _pending_finalize --outcome unknown --session-id "$_SESSION_ID" 2>/dev/null || true
low line 63

Access to hidden dotfiles in home directory

SourceSKILL.md
63eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)" 2>/dev/null || true
low line 69

Access to hidden dotfiles in home directory

SourceSKILL.md
69~/.claude/skills/gstack/bin/gstack-learnings-search --limit 3 2>/dev/null || true
low line 75

Access to hidden dotfiles in home directory

SourceSKILL.md
75~/.claude/skills/gstack/bin/gstack-timeline-log '{"skill":"land-and-deploy","event":"started","branch":"'"$_BRANCH"'","session":"'"$_SESSION_ID"'"}' 2>/dev/null &
low line 81

Access to hidden dotfiles in home directory

SourceSKILL.md
81_ROUTING_DECLINED=$(~/.claude/skills/gstack/bin/gstack-config get routing_declined 2>/dev/null || echo "false")
medium line 95

Access to hidden dotfiles in home directory

SourceSKILL.md
95`~/.claude/skills/gstack/[skill-name]/SKILL.md` for reading skill files.
medium line 97

Access to hidden dotfiles in home directory

SourceSKILL.md
97If output shows `UPGRADE_AVAILABLE <old> <new>`: read `~/.claude/skills/gstack/gstack-upgrade/SKILL.md` and follow the "Inline upgrade flow" (auto-upgrade if configured, otherwise AskUserQuestion with
low line 106

Access to hidden dotfiles in home directory

SourceSKILL.md
106touch ~/.gstack/.completeness-intro-seen
medium line 123

Access to hidden dotfiles in home directory

SourceSKILL.md
123If A: run `~/.claude/skills/gstack/bin/gstack-config set telemetry community`
medium line 134

Access to hidden dotfiles in home directory

SourceSKILL.md
134If B→A: run `~/.claude/skills/gstack/bin/gstack-config set telemetry anonymous`
medium line 135

Access to hidden dotfiles in home directory

SourceSKILL.md
135If B→B: run `~/.claude/skills/gstack/bin/gstack-config set telemetry off`
low line 139

Access to hidden dotfiles in home directory

SourceSKILL.md
139touch ~/.gstack/.telemetry-prompted
medium line 155

Access to hidden dotfiles in home directory

SourceSKILL.md
155If A: run `~/.claude/skills/gstack/bin/gstack-config set proactive true`
medium line 156

Access to hidden dotfiles in home directory

SourceSKILL.md
156If B: run `~/.claude/skills/gstack/bin/gstack-config set proactive false`
low line 160

Access to hidden dotfiles in home directory

SourceSKILL.md
160touch ~/.gstack/.proactive-prompted
medium line 205

Access to hidden dotfiles in home directory

SourceSKILL.md
205If B: run `~/.claude/skills/gstack/bin/gstack-config set routing_declined true`
low line 262

Access to hidden dotfiles in home directory

SourceSKILL.md
262eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)"
medium line 338

Access to hidden dotfiles in home directory

SourceSKILL.md
338Before building anything unfamiliar, **search first.** See `~/.claude/skills/gstack/ETHOS.md`.
low line 343

Access to hidden dotfiles in home directory

SourceSKILL.md
343jq -n --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" --arg skill "SKILL_NAME" --arg branch "$(git branch --show-current 2>/dev/null)" --arg insight "ONE_LINE_SUMMARY" '{ts:$ts,skill:$skill,branch:$branch,i
low line 382

Access to hidden dotfiles in home directory

SourceSKILL.md
382~/.claude/skills/gstack/bin/gstack-learnings-log '{"skill":"SKILL_NAME","type":"operational","key":"SHORT_KEY","insight":"DESCRIPTION","confidence":N,"source":"observed"}'
medium line 397

Access to hidden dotfiles in home directory

SourceSKILL.md
397`~/.gstack/analytics/` (user config directory, not project files). The skill
low line 406

Access to hidden dotfiles in home directory

SourceSKILL.md
406rm -f ~/.gstack/analytics/.pending-"$_SESSION_ID" 2>/dev/null || true
low line 408

Access to hidden dotfiles in home directory

SourceSKILL.md
408~/.claude/skills/gstack/bin/gstack-timeline-log '{"skill":"SKILL_NAME","event":"completed","branch":"'$(git branch --show-current 2>/dev/null || echo unknown)'","outcome":"OUTCOME","duration_s":"'"$_T
low line 411

Access to hidden dotfiles in home directory

SourceSKILL.md
411echo '{"skill":"SKILL_NAME","duration_s":"'"$_TEL_DUR"'","outcome":"OUTCOME","browse":"USED_BROWSE","session":"'"$_SESSION_ID"'","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"}' >> ~/.gstack/analytics/skill-
low line 414

Access to hidden dotfiles in home directory

SourceSKILL.md
414if [ "$_TEL" != "off" ] && [ -x ~/.claude/skills/gstack/bin/gstack-telemetry-log ]; then
low line 415

Access to hidden dotfiles in home directory

SourceSKILL.md
415~/.claude/skills/gstack/bin/gstack-telemetry-log \
medium line 434

Access to hidden dotfiles in home directory

SourceSKILL.md
434- Writing to `~/.gstack/` (config, analytics, review logs, design artifacts, learnings)
medium line 475

Access to hidden dotfiles in home directory

SourceSKILL.md
475~/.claude/skills/gstack/bin/gstack-review-read
low line 509

Access to hidden dotfiles in home directory

SourceSKILL.md
509[ -z "$B" ] && B=~/.claude/skills/gstack/browse/dist/browse
low line 662

Access to hidden dotfiles in home directory

SourceSKILL.md
662eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)"
low line 663

Access to hidden dotfiles in home directory

SourceSKILL.md
663if [ ! -f ~/.gstack/projects/$SLUG/land-deploy-confirmed ]; then
low line 667

Access to hidden dotfiles in home directory

SourceSKILL.md
667SAVED_HASH=$(cat ~/.gstack/projects/$SLUG/land-deploy-confirmed 2>/dev/null)
low line 833

Access to hidden dotfiles in home directory

SourceSKILL.md
833~/.claude/skills/gstack/bin/gstack-review-read 2>/dev/null
low line 861

Access to hidden dotfiles in home directory

SourceSKILL.md
861mkdir -p ~/.gstack/projects/$SLUG
low line 864

Access to hidden dotfiles in home directory

SourceSKILL.md
864echo "${CURRENT_HASH}-${WORKFLOW_HASH}" > ~/.gstack/projects/$SLUG/land-deploy-confirmed
low line 926

Access to hidden dotfiles in home directory

SourceSKILL.md
926~/.claude/skills/gstack/bin/gstack-review-read 2>/dev/null
low line 972

Access to hidden dotfiles in home directory

SourceSKILL.md
972cat ~/.claude/skills/gstack/review/checklist.md 2>/dev/null || echo "Checklist not found"
low line 1006

Access to hidden dotfiles in home directory

SourceSKILL.md
1006ls -t ~/.gstack-dev/evals/*-e2e-*-$(date +%Y-%m-%d)*.json 2>/dev/null | head -20
low line 1022

Access to hidden dotfiles in home directory

SourceSKILL.md
1022ls -t ~/.gstack-dev/evals/*-llm-judge-*-$(date +%Y-%m-%d)*.json 2>/dev/null | head -5
low line 1243

Access to hidden dotfiles in home directory

SourceSKILL.md
1243eval $(~/.claude/skills/gstack/bin/gstack-diff-scope $(gh pr view --json baseRefName -q .baseRefName 2>/dev/null || echo main) 2>/dev/null)
low line 1497

Access to hidden dotfiles in home directory

SourceSKILL.md
1497eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)"
low line 1498

Access to hidden dotfiles in home directory

SourceSKILL.md
1498mkdir -p ~/.gstack/projects/$SLUG
low line 101

External URL reference

SourceSKILL.md
101thing when AI makes the marginal cost near-zero. Read more: https://garryslist.org/posts/boil-the-ocean"
low line 105

External URL reference

SourceSKILL.md
105open https://garryslist.org/posts/boil-the-ocean
low line 526

External URL reference

SourceSKILL.md
526curl -fsSL "https://bun.sh/install" -o "$tmpfile"
Scanned on Jun 3, 2026
View Security Dashboard
Installation guide →
GitHub Stars 4
Rate this skill
Categorydevelopment
UpdatedJune 15, 2026
openclawdevopsdevops-srebackend-developerproduct-managerdevelopmentproduct
forbotsake/forbotsake