Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Gstack Pro
v1.0.0Transform your AI assistant into a structured virtual software engineering team with 10 specialist roles — inspired by Garry Tan's GStack (YC CEO, 16K GitHub...
⭐ 1· 98·0 current·0 all-time
bymingyuan@zmy1006-sudo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (a multi-role AI engineering team) aligns with the instructions: architecture, code review, QA, shipping and retros. The requested actions (git, gh, npm, browser-driven QA, spawning subagents) are appropriate for that purpose. However, the skill does not declare that it requires access to repository credentials, GitHub CLI auth, or browser login credentials — which are logically needed for the described shipping/PR and browser QA flows.
Instruction Scope
SKILL.md instructs the agent to run repository and release commands (git fetch/rebase/push, npm version, gh pr create), run git logs, and drive a browser tool (open, click, screenshot, read console). Those operations are in-scope for a release/QA skill, but they give the agent the ability to modify code, create PRs, and interact with arbitrary web pages — so the instructions grant significant operational power and should be paired with explicit gating/approval steps.
Install Mechanism
Instruction-only skill (no install spec, no code). This is lowest install risk: nothing is downloaded or written by the skill package itself.
Credentials
The skill declares no required environment variables or credentials but expects to use gh/git push and browser automation that will require authentication and possibly secrets (GitHub tokens, SSH keys, app credentials, site logins). The absence of declared creds/primaryEnv is a mismatch; consumers need to be aware the agent will implicitly require repository and browser credentials to perform /ship and /qa actions.
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). The skill's instructions include destructive operations (git push --force-with-lease, git revert, npm version) and automated shipping — these are coherent with the stated function but increase risk if the agent or its subagents are granted broad repo/CI credentials or if runs are allowed without manual approval.
What to consider before installing
This skill appears to implement a realistic, powerful release/QA process, but it implicitly requires credentials and runtime privileges that it does not declare. Before installing or enabling it: 1) Expect it to need Git/GitHub authentication (SSH key or GH token), browser login credentials, and access to the workspace/repo — do not provide production-wide tokens. 2) Prefer least-privilege tokens (scoped GitHub tokens, deploy-only keys) and test in a sandbox repository or staging environment first. 3) Require manual approval or a confirm step before running /ship or any operation that pushes, rebases, or reverts commits. 4) Audit subagent permissions and the platform’s browser tooling — automated browsers can access arbitrary URLs and capture data. 5) If you want to use QA features, ensure credentials are stored securely and consider using temporary or read-only credentials for testing. These steps reduce the chance the agent will inadvertently push or exfiltrate sensitive data.Like a lobster shell, security has layers — review code before you run it.
latestvk97ey1qykce3rqxxyha8aqjfsh83xfnc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.