Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
GStack Agent
v1.0.0Garry Tan(YC CEO)的软件工厂套件。提供从产品思考→架构→设计→编码→测试→发布→复盘的完整 AI 角色化工作流。 包含 CEO、设计师、工程师、QA、发布经理等 20+ 个专职 agent 角色。 当用户说"帮我做产品评审"、"做代码审查"、"跑 QA"、"发布代码"、"写文档"时触发对应角色。
⭐ 0· 93·0 current·0 all-time
by@rocbond
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a comprehensive software-delivery toolkit (product, design, code review, QA, ship, deploy) which aligns with the skill name and description. However, many listed actions (git operations, creating PRs, merging, deploying, running tests, taking browser screenshots, monitoring production logs) implicitly require access to tooling and credentials that are not declared in the skill metadata. The capability set itself is coherent with the description, but the lack of declared access requirements is a transparency gap.
Instruction Scope
Runtime instructions tell the agent to run repo-scoped commands (e.g., 'git fetch && git rebase origin/main', 'git diff', auto-fix code and push), execute tests, trigger deployments and smoke tests, check console errors, and take screenshots. These are within the claimed domain but include potentially destructive actions (automatic code fixes, merging, one-click reverts, deployment triggers). The SKILL.md is generally specific about flows, but it grants the agent broad discretion to modify code and push changes when it has access — that risk should be explicit and controlled.
Install Mechanism
Instruction-only skill with no install spec and no code files. Lowest install risk (nothing is written to disk by an installer).
Credentials
The skill declares no required environment variables or credentials, yet multiple features explicitly require authenticated access (git write access, CI permissions, deployment platform credentials, possibly browser automation or cloud monitoring API keys). This mismatch—'asks for actions that need creds' but 'declares none'—is a transparency and proportionality concern. Users should not assume no secrets are needed; the skill will require credentials to perform many of its actions.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges in the metadata. It can invoke autonomously (platform default), which combined with repository/deploy access would increase impact, but autonomous invocation alone is normal and not a decisive negative here.
What to consider before installing
This skill appears to do what it says (product/design/code/QA/ship), but its runbook expects to perform authenticated repo and deployment actions while the registry metadata lists no credentials—ask the publisher or registry to clarify required credentials and permissions before installing. If you plan to use it: 1) run it first in a fork or isolated test repo; 2) grant the minimum required permissions (prefer read-only tokens for review flows); 3) avoid giving it broad write/merge/deploy keys unless you trust it and can audit changes; 4) require manual approval for any merge or deployment step; and 5) consider disabling autonomous invocation or restricting it to dry-run mode until you’ve validated behavior. If the publisher cannot clearly state which credentials are needed and why, treat the skill as risky.Like a lobster shell, security has layers — review code before you run it.
latestvk97e63qzbw2vvhqdnxah2khrm183cvc2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.