Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gcp Fullstack

v0.1.4

Complete development lifecycle super agent for GCP — scaffolding, compute, database, auth, feature generation, testing, pre-production QA gate with go/no-go...

by Guilherme Favaron (@guifav)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's name and description (GCP full‑stack lifecycle + Cloudflare) match the commands and templates in SKILL.md and the docs. However the higher‑level registry metadata at the top of the package (the evaluation summary) reports "Required env vars: none" and "Required binaries: none", while the included claw.json explicitly requires many binaries (node, git, gh, gcloud, docker, curl, jq) and a long list of environment variables (GCP_PROJECT_ID, GOOGLE_APPLICATION_CREDENTIALS, CLOUDFLARE_API_TOKEN, FIREBASE_PRIVATE_KEY, etc.). That mismatch between declared top‑level requirements and the actual claw.json is an incoherence that should be clarified.
Instruction Scope
SKILL.md contains concrete runtime instructions (gcloud, docker, firebase, Cloud Run, Cloud SQL, Cloudflare curl calls, creating buckets, running migrations, making DNS changes). Those actions are all within the claimed scope, and safety rules (confirm before destructive ops, avoid committing .env) are present. Still, these instructions will cause real changes to cloud resources and DNS if executed, so they require user confirmation and least‑privilege credentials before running.
Install Mechanism
This is an instruction‑only skill with no install spec and no code files to run at install time; that minimizes installation risk. The agent will propose/execute command‑line actions only.
Credentials
claw.json requests many sensitive environment variables (GOOGLE_APPLICATION_CREDENTIALS, FIREBASE_PRIVATE_KEY, CLOUDFLARE_API_TOKEN, OPENROUTER_API_KEY, multiple NEXT_PUBLIC_* vars). For a GCP fullstack deployer, GCP credentials and a Cloudflare API token are reasonable, but the manifest appears to require a broader set (including private keys and many Firebase server secrets). Additionally, the top summary reported no required env vars while claw.json lists many — that overcollection and the manifest mismatch are concerning and deserve clarification. OPENROUTER is described as optional in the docs but appears in the required list.
Persistence & Privilege
The skill is not marked always:true and is user‑invocable. claw.json declares permissions for filesystem and network (expected for a scaffold/deploy skill). There is no evidence the skill attempts to persistently modify other skills or platform configuration beyond normal file and network operations.
What to consider before installing
Do not run this skill against production or provide service account / Cloudflare tokens until you verify a few things:
(1) Clarify the mismatch between the package summary (which lists no required env vars/binaries) and the included claw.json (which lists many required binaries and sensitive env vars). Ask the author why those top‑level fields differ.
(2) If you proceed, create a dedicated sandbox GCP project and Cloudflare zone, and provide a service account limited to only the permissions needed (deploy to Cloud Run, manage specified Cloud SQL/Firestore resources, Secret Manager access) rather than a broad owner key.
(3) Keep Firebase private keys and CLOUDFLARE_API_TOKEN out of repositories — inject them at runtime via Secret Manager or CI secrets.
(4) Confirm whether OPENROUTER_API_KEY is necessary; if you won't use LLM QA, do not supply it.
(5) Review any planned destructive operations in the Planning Protocol step and require explicit human confirmation before running destructive gcloud commands (drop/delete).
(6) Consider running the skill in a restricted environment (sandbox VM, ephemeral CI runner) first to observe the exact commands it executes.
If the author cannot explain the manifest inconsistencies or justify every required secret, treat the skill as unsafe for production.
