Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Qa Gate Gcp
v0.1.1Pre-production validation gate for GCP stack (Cloud Run/Functions/App Engine, Firestore/Cloud SQL, Firebase Auth/Identity Platform) — generates test plans, e...
⭐ 0· 350·0 current·0 all-time
byGuilherme Favaron@guifav
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to be a GCP pre-production validation gate, which legitimately needs GCP project/region info and gcloud. However registry metadata at the top lists no required env/binaries while claw.json declares required binaries (node, npx, git, gcloud) and env vars (OPENROUTER_API_KEY, GCP_PROJECT_ID, GCP_REGION, GOOGLE_APPLICATION_CREDENTIALS). This inconsistency in declared requirements is unexplained and confusing to a user evaluating needed privileges.
Instruction Scope
SKILL.md instructs scanning the repository (package.json, source files), generating validation scripts, and performing LLM-as-judge evaluations. It promises not to read/modify .env or credential files directly, but also says generated code will read env vars and may call external LLMs. The instructions do not clearly limit what content is sent to the external LLM (OPENROUTER), so sensitive repository contents or infra details could be transmitted without explicit redaction rules.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute from a remote URL — lowest install risk. It does declare required binaries in claw.json, which is reasonable for the described tasks (node, git, gcloud).
Credentials
Requesting GCP_PROJECT_ID, GCP_REGION and GOOGLE_APPLICATION_CREDENTIALS is proportionate to inspecting GCP infra, but these are highly sensitive (service account credentials). OPENROUTER_API_KEY is also requested for LLM evaluations; using an external LLM for judging outputs is plausible but not essential for infra checks and increases risk of exfiltration. The metadata does not make clear whether OPENROUTER use is optional or how data is redacted before being sent.
Persistence & Privilege
The skill requires filesystem and network permissions (declared in claw.json) so it can scan the repo and call external services and writes reports (e.g., qa-reports/test-plan.json). always:false (normal). No indications it modifies other skills or requires permanent platform-level privileges.
What to consider before installing
Things to check before installing or running this skill:
- Reconcile metadata: ask the author to fix the inconsistent registry fields (top-level 'required env vars/binaries' vs claw.json).
- Treat GOOGLE_APPLICATION_CREDENTIALS as sensitive: run the skill with a least-privilege service account (avoid owner/editor) and consider using a read-only auditing account.
- Treat OPENROUTER_API_KEY as high-risk for data exposure: confirm whether LLM-as-judge sends raw source, secrets, or credentials to the external endpoint; request explicit redaction rules or allow LLM evaluation to be disabled.
- Inspect generated scripts before execution (they are created by the skill): ensure they do not leak secrets or upload entire repo contents to external services.
- Prefer running the skill in an isolated environment (ephemeral VM/container) without access to production secrets, or run a dry-run that generates the plan but does not execute external calls.
- If you must provide GOOGLE_APPLICATION_CREDENTIALS, create a narrowly privileged service account and rotate/delete the key after use.
- Ask the author to document which data is sent to external LLMs and to make OPENROUTER usage optional. If the author cannot clarify or refuses, treat the skill as higher risk and avoid providing real credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk97ev6ztcb7gh9m0p6j5myspx983f6m9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.