OpenGemini SaaS Builder

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent SaaS-building helper, but it can use your local Gemini, GitHub, and Vercel CLIs to generate docs, publish code, and deploy when requested.

This skill appears safe for its stated SaaS-building purpose if you intend to use Gemini, GitHub, and possibly Vercel. Before running helper scripts, verify the current folder, logged-in accounts, repo visibility, and deployment target. Avoid putting secrets or private customer data into Gemini prompts, and review generated docs—especially Rules.md—before relying on them.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked, the skill can create repositories, push code, or deploy an app using the user's accounts.

Why it was flagged

The skill explicitly supports external side effects through GitHub and Vercel, but also documents that they require explicit user intent.

Skill content

These actions change the outside world and should be treated as explicit-user-intent actions:
- creating remote repos
- pushing commits to remote
- creating cloud projects
- deploying to Vercel

Recommendation

Before allowing repo creation or deployment, confirm the target directory, repository name, visibility, authenticated account, and that no secrets are being published.

What this means

Actions will run with whatever GitHub or Vercel account is currently logged in on the machine.

Why it was flagged

The skill relies on the user's locally authenticated GitHub and Vercel identities for account-level operations.

Skill content

- If `gh auth status` fails, do not promise automatic repo creation yet.
- If `vercel whoami` fails, do not promise deployment yet.

Recommendation

Run `gh auth status` and `vercel whoami` yourself if needed, and verify the account and organization before publishing or deploying.

What this means

Users may not realize from metadata alone that the skill depends on separately installed and authenticated local CLI tools.

Why it was flagged

The registry metadata does not declare the Gemini, GitHub CLI, or Vercel CLI dependencies that the skill documentation and scripts expect.

Skill content

Required binaries (all must exist): none
Env var declarations: none
Primary credential: none
Install specifications: No install spec — this is an instruction-only skill.

Recommendation

Install CLIs only from trusted sources and review the skill documentation before running its helper scripts.

What this means

Business ideas, requirements, or other prompt contents may be sent outside the local OpenClaw session.

Why it was flagged

User-provided project details are passed to Gemini CLI, which may involve an external provider depending on the user's Gemini setup.

Skill content

Brief: ${brief}
...
gemini -p "$prompt" > "$out"

Recommendation

Do not include passwords, API keys, customer data, or confidential business details in Gemini prompts unless you are comfortable sharing them with that provider.

What this means

Generated project rules could become trusted guidance for future coding sessions even if they contain mistakes or overly broad instructions.

Why it was flagged

The skill can generate a persistent Rules.md file from LLM output, which may later influence project behavior or agent instructions.

Skill content

out="${3:-Rules.md}"
...
gemini -p "$prompt" > "$out"

Recommendation

Review and edit generated Rules.md content before treating it as authoritative.