Gcp Fullstack
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its GCP development purpose, but it gives the agent broad ability to change code, cloud infrastructure, GitHub, and Cloudflare settings with limited explicit approval gates.
Install only if you are comfortable giving an agent controlled access to your GCP project, GitHub workflow, and Cloudflare zone. Use a sandbox project first, provide least-privilege tokens, require manual confirmation before production deploys or DNS/CDN changes, and review generated scripts and commands before they run.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A broad request could lead the agent to change the live service or repository state, affecting users and production infrastructure.
These instructions can mutate the production branch, build containers, and deploy to Cloud Run. The surrounding workflow requires checks, but does not clearly require explicit user approval before the production-impacting merge/deploy path.
Cloud Run Deploy (production flow) ... git checkout main && git pull origin main ... git merge --squash <branch-name> ... gcloud builds submit ... gcloud run deploy <service-name>
Require explicit user confirmation for production deploys, branch merges, traffic changes, public access changes, and any command that mutates live cloud resources.
A mistaken Cloudflare or DNS change could make the site unavailable, block legitimate users, or route traffic incorrectly.
DNS, SSL, rate limiting, bot settings, and cache purges can affect all public traffic for a domain. The artifact presents these as standard setup steps without a clear approval/rollback gate for each change.
Standard Setup for New Projects (Cloudflare) ... Add CNAME record ... Set SSL to Full (Strict) ... Enable Always Use HTTPS ... Add rate limiting ... Enable Bot Fight Mode ... Purge cache after every production deployment.
Show the exact Cloudflare changes before applying them, require user approval, and document rollback commands for DNS, SSL, WAF/rate-limit, and cache changes.
Users may believe credentials are never used for direct provider API changes, even though the docs include direct Cloudflare API calls.
A curl request to the Cloudflare API using the token is still an API call with a credential. This wording can understate how credentials are used.
`CLOUDFLARE_API_TOKEN` and `CLOUDFLARE_ZONE_ID` are used exclusively via `curl` calls to the Cloudflare API v4 ... The skill never makes direct API calls with any of these credentials.
Clarify the credential statement to say the skill may call provider CLIs/APIs when the user approves relevant actions, and specify exactly which credentials are used for which operations.
If these credentials are over-privileged, mistakes by the agent could affect cloud resources, DNS, secrets, or deployed applications.
These are powerful cloud, Firebase, Cloudflare, and external-provider credentials. Their use is mostly purpose-aligned for deployment and setup, but they should be scoped carefully.
"env": [ "GCP_PROJECT_ID", "GCP_REGION", "GOOGLE_APPLICATION_CREDENTIALS", ... "FIREBASE_PRIVATE_KEY", "CLOUDFLARE_API_TOKEN", "CLOUDFLARE_ZONE_ID", "OPENROUTER_API_KEY" ]
Use least-privilege service accounts and Cloudflare tokens, restrict them to a test project/zone when possible, and avoid granting broad owner/admin roles.
A compromised or changed upstream package could affect generated projects or local development machines.
The skill relies on live npm generators and packages, often using latest versions. This is normal for scaffolding, but it means the executed code comes from external package sources at runtime.
`npx create-next-app@latest <name>` ... `npx nuxi@latest init <name>` ... `npm install firebase firebase-admin`
Prefer pinned versions for repeatable builds, review generated files before committing, and run package-manager audit tools where appropriate.
Project text or generated app content used for QA evaluation could leave the local environment, depending on the generated script.
The artifact discloses optional external LLM-based QA evaluation. It does not show hidden exfiltration, but evaluated content may be sent to an external provider if that path is used.
`OPENROUTER_API_KEY` is used in generated QA validation scripts for LLM-as-judge content quality evaluation.
Use the OpenRouter-based QA path only with non-sensitive content or after reviewing the generated script and provider data-handling terms.
