Qa Gate
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: lobster-qa-gate Version: 1.0.0 The skill is a standardized quality assurance gate designed to help AI agents validate artifacts like code, documents, and PRDs. It includes a security-positive check for sensitive data (API keys, PII) and focuses on factual accuracy and structural integrity without any evidence of malicious intent, data exfiltration, or unauthorized execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change documents or code when the user expected only a QA assessment.
The skill applies to potentially important artifacts, including code, and instructs the agent to fix issues after a failed gate without clearly requiring user approval, scoping the edits, or preserving reversibility.
Run this skill on documents, skills, PRDs, blog posts, or code artifacts ... If FAIL, fix and re-validate. Fix all CRITICAL and MAJOR issues.
Change the workflow to report required fixes first, and require explicit user approval before modifying any artifact.
A user may trust the skill as non-mutating while it can still direct the agent to make changes.
The read-only assurance is contradicted by later instructions to fix issues, which may mislead users about what the skill will cause the agent to do.
It is a read-only release gate that determines whether an artifact is ready to move forward. QA Gate inspects artifacts but does not modify them. ... Fix all CRITICAL and MAJOR issues.
Make the documentation consistent: either keep the skill strictly report-only or clearly disclose an edit mode with approval requirements.
The agent may spend extra time gating or withhold delivery until the QA checklist passes.
This broad gatekeeping language is aligned with a QA-gate skill, but it also sets a strong stopping condition that could override a narrower user request.
Every document, skill, blog post, PRD, or code output should pass this gate before the principal sees it. ... Only present to principal after PASS or PASS WITH FIXES.
Use the skill when a QA gate is requested or part of the workflow, not as a universal requirement for every response.
Sensitive artifacts could be exposed to an additional model if this mode is used carelessly.
The optional cross-model mode may involve sending artifact content to another model or provider, but the artifacts do not define the data boundary or approval process.
`--dual`: Use cross-model QA validation when the artifact is high-stakes, ambiguous, or worth the extra cost/latency for a second independent quality pass.
Use cross-model validation only with explicit user consent and only for artifacts suitable for the additional provider.
It may be harder to confirm exactly which package identity or version is being reviewed.
The included _meta.json does not match the registry metadata shown for this evaluation, which lists a different owner ID, slug, and version.
"ownerId": "kn7b3n5k9r8xhw7gcdaavm0vxn831xpx", "slug": "qa-gate", "version": "1.1.0"
Verify the publisher, slug, and version before relying on this skill in a workflow.