Qa Gate Vercel

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed QA automation skill that writes and runs validation tests against Vercel/Supabase/OpenRouter, with notable credential and network risk but no hidden or purpose-mismatched behavior.

Install this only if you want an agent to generate and run QA tests against your app and provider APIs. Use staging systems, test accounts, and least-privilege tokens; review the generated test plan before execution; and do not provide production data or service-role credentials unless you intentionally accept that operational risk. Several of the findings below are keyword matches inside the skill's own prohibitions (for example `auto-approve` inside "NEVER auto-approve a NO-GO verdict" and `.env` inside "always use process.env"), so read each matched string in the context shown with it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Intent-Code Divergence

Severity
Medium
Confidence
93%
Finding
The credential scope states that env vars are accessed via `process.env` or `os.environ.get()` in generated code only. However, the skill body later contains direct `process.env` accesses in embedded validation logic such as `OPENROUTER_API_KEY`, `VERCEL_TOKEN`, `SUPABASE_URL`, and `SUPABASE_ANON_KEY`, which contradicts the narrow claim about where credential access occurs.

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
- overall_score >= 4 = "pass"
- Any safety score < 3 = automatic "fail"`;

  const response = await fetch("https://openrouter.ai/api/v1/chat/completions", {
    method: "POST",
    headers: {
      Authorization: `Bearer ${OPENROUTER_API_KEY}`,
Confidence
60%
Finding
fetch("https://openrouter.ai/api/v1/chat/completions", { method: "POST"

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
// qa-tests/infra/vercel-status.validation.test.ts
describe("Vercel Deployment Validation", () => {
  it("latest deployment is ready", async () => {
    const res = await fetch("https://api.vercel.com/v6/deployments?limit=1", {
      headers: { Authorization: `Bearer ${process.env.VERCEL_TOKEN}` },
    });
    const { deployments } = await res.json();
Confidence
50%
Finding
https://api.vercel.com/

Autonomous Decision Making

Severity
Medium
Category
Excessive Agency
Content
- NEVER hardcode auth tokens in test files — always use process.env
- NEVER run LLM-as-judge without rule-based checks first (waste of tokens)
- NEVER mark a test as "skipped" without documenting why in the report
- NEVER auto-approve a NO-GO verdict — always surface blockers to the human
- NEVER test against production data — use test accounts and seed data
- NEVER ignore toast validation — toast bugs are the #1 user-facing UX complaint
Confidence
85%
Finding
auto-approve

Autonomous Decision Making

Severity
Medium
Category
Excessive Agency
Content
- NEVER read or modify `.env`, `.env.local`, or any credential file directly
- All env var references are in generated test code via `process.env.*`
- NEVER auto-deploy after a CONDITIONAL or NO-GO verdict
- NEVER delete test data from production databases
- NEVER expose API keys in test reports — redact before writing to disk
- If OPENROUTER_API_KEY is not set, skip LLM-as-judge checks and mark as "review"
Confidence
85%
Finding
auto-deploy
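The two rule lists quoted in the Excessive Agency findings describe how the gate is meant to treat credentials and verdicts: read env vars only through process.env, skip LLM-as-judge with a "review" status when OPENROUTER_API_KEY is absent, redact keys before a report reaches disk, and never deploy on a CONDITIONAL or NO-GO verdict. The block below is an added illustration of those rules written for this page; it is not code from the skill or from the scan, and the function names, the SECRET_ENV_VARS list and the demo values are assumptions.

```javascript
// Added illustration of the credential and verdict rules quoted above; this is
// not the skill's own code, and every name below is an assumption.

// Env vars the gate may hold in memory. They are read from process.env only;
// the .env / .env.local files on disk are never opened.
const SECRET_ENV_VARS = [
  "OPENROUTER_API_KEY",
  "VERCEL_TOKEN",
  "SUPABASE_ANON_KEY",
  "SUPABASE_SERVICE_ROLE_KEY",
];

// Collect the secret values that must never appear in a written report.
function collectSecrets(env = process.env) {
  return SECRET_ENV_VARS
    .map((name) => env[name])
    .filter((value) => typeof value === "string" && value.length >= 8);
}

// Redact known secret values, then any bearer token a failing fetch may have
// echoed, before the report text is written to disk.
function redactReport(text, secrets) {
  let out = text;
  for (const secret of secrets) {
    out = out.split(secret).join("[REDACTED]");
  }
  return out.replace(/Bearer\s+[A-Za-z0-9._-]{8,}/g, "Bearer [REDACTED]");
}

// LLM-as-judge is optional: without the key the check is marked "review" for a
// human instead of being silently passed or failed.
function judgeGate(env = process.env) {
  if (!env.OPENROUTER_API_KEY) {
    return { status: "review", reason: "OPENROUTER_API_KEY not set; LLM-as-judge skipped" };
  }
  return { status: "run", reason: "rule-based checks passed; running LLM-as-judge" };
}

// Only a GO verdict deploys. CONDITIONAL and NO-GO are returned with their
// blockers so the human sees them; the gate never approves them itself.
function deployDecision(verdict, blockers = []) {
  const deploy = verdict === "GO";
  return { deploy, surfaceToHuman: !deploy, verdict, blockers };
}

// Constructed demo input (not real credentials).
const demoEnv = {
  OPENROUTER_API_KEY: "sk-or-v1-demo0123456789",
  VERCEL_TOKEN: "vercel_demo_token_0001",
};
const demoReport =
  "vercel-status failed: Authorization: Bearer vercel_demo_token_0001; judge key sk-or-v1-demo0123456789";
console.log(redactReport(demoReport, collectSecrets(demoEnv)));
console.log(judgeGate({}), deployDecision("NO-GO", ["safety score 2 < 3"]));
```

Redaction runs on the report text rather than on individual log calls because the values most likely to leak are the ones a failing HTTP call echoes back verbatim (headers, request bodies), not the ones the test author logs on purpose.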

Unvalidated Output Injection

Severity
High
Category
Output Handling
Content
// Forbidden patterns (PII, hallucination markers, etc.)
  if (config.forbiddenPatterns) {
    for (const pattern of config.forbiddenPatterns) {
      const match = pattern.exec(output.content);
      results.push({
        rule: `forbidden_pattern:${pattern.source}`,
        passed: !match,
Confidence
90%
Finding
exec(output
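The matched string `exec(output` in this finding is a call to RegExp.prototype.exec, which searches a string for a pattern; it is not child_process.exec and does not run a command. The defect a reviewer should actually look for in the excerpted loop is a different one: a RegExp created with the `g` or `y` flag keeps its `lastIndex` between calls, so reusing the same pattern object across several outputs can report a later output as clean. The block below is an added illustration written for this page, not code from the skill; the pattern list, sample text and function names are assumptions.

```javascript
// Added illustration (not the skill's code) of a rule-based forbidden-pattern
// check like the one excerpted above. `pattern.exec` is RegExp.prototype.exec,
// which searches a string; it does not run a command. Pattern list and names
// are assumptions.

// Constructed project-controlled patterns; model output never supplies these.
const DEFAULT_FORBIDDEN = [
  /\b\d{3}-\d{2}-\d{4}\b/g,        // SSN-shaped number (PII); note the g flag
  /\bAs an AI language model\b/i,  // hallucination / refusal marker
  /sk-or-v1-[A-Za-z0-9]{8,}/,      // OpenRouter key leaked into model output
];

// The excerpt's call as written: a g- or y-flagged RegExp keeps lastIndex
// between calls, so the second output checked with it can be missed.
function naiveExec(pattern, content) {
  return pattern.exec(content);
}

function checkForbiddenPatterns(content, patterns = DEFAULT_FORBIDDEN) {
  const results = [];
  for (const pattern of patterns) {
    pattern.lastIndex = 0; // reset the cursor for stateful patterns
    const match = pattern.exec(content);
    pattern.lastIndex = 0;
    results.push({
      rule: `forbidden_pattern:${pattern.source}`,
      passed: match === null,
      // Only the offset is reported: echoing the matched text into the report
      // would re-leak the PII or key the rule just caught.
      detail: match ? `match at offset ${match.index}` : "",
    });
  }
  return results;
}

// Any forbidden pattern fails the rule stage; LLM-as-judge runs only after a pass.
function ruleVerdict(results) {
  return results.every((r) => r.passed) ? "pass" : "fail";
}

// Constructed sample output.
const sample = "Contact: 123-45-6789, key sk-or-v1-abcdefgh12345";
console.log(ruleVerdict(checkForbiddenPatterns(sample)), checkForbiddenPatterns(sample));
```

Keeping the pattern list in project-controlled configuration, never in anything derived from model output or test data, is what keeps this check safe: a RegExp built from untrusted text can be made to backtrack for a very long time on a crafted input, which would turn the validator itself into a denial-of-service point.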

Credential Access

Severity
High
Category
Privilege Escalation
Content
- NEVER skip the test plan generation step
- NEVER mix validation tests with app tests (separate config files)
- NEVER hardcode auth tokens in test files — always use process.env
- NEVER run LLM-as-judge without rule-based checks first (waste of tokens)
- NEVER mark a test as "skipped" without documenting why in the report
- NEVER auto-approve a NO-GO verdict — always surface blockers to the human
Confidence
60%
Finding
.env

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal